
Eleventeen

Everything posted by Eleventeen

  1. Apologies for disappearing - it's been a bit of a crazy week and I basically just kept MBAM web protection disabled until today. With the 1.0.391 component update, things are much better! I'm able to connect to sites with both MBAM and ESET enabled, and everything seems to be back to normal. Thank you, Malwarebytes guys!
  2. @Maurice Naggar this behavior is across all 3 browsers: Chrome, Firefox and Edge. @dcollins That was actually the FIRST thing I did last night when I started having issues and couldn't even connect to my router -- I disabled ESET's firewall and web filtering modules, but still had the same issue. I've just disabled all of the modules in ESET, which is about as close to disabling the software as you can get without uninstalling it (I think...), enabled MBAM's web protection and still have the same problem. The only thing that resolves the problem is disabling the web protection in MBAM. A couple of observations: I'm able to ping the domains that I can't connect to when web protection is enabled, and things generally look fine. However, the browser can't connect to those same domains. If I disable web protection, visit a site that I can't connect to with web protection enabled, and then re-enable web protection, the browser is able to connect to that site. This persists even if caches are cleared or the browser is closed. A system restart results in no sites being accessible. I wonder if this is DNS related? With web protection on, ESET cannot connect to its update server.
  3. Hi @Maurice Naggar, I've added the 6 MBAM executables you've listed above to my list of exclusions in ESET and restarted. But when I re-enable the web protection I have the same behavior as before and can't connect to most websites again.
  4. Sure @dcollins, file is attached. Also, it's worth noting that even connections to my wireless/wired router (by IP address) failed when web protection was enabled. Thanks for looking into this! mbst-grab-results.zip
  5. I'm having the same issue as DimDiam, as of last night. I'm unable to access most websites with MBAM (Premium) web protection enabled. It seems like only Google websites and Reddit, and perhaps 1 or 2 others that I tried are accessible. Otherwise, other reputable websites (news, games, discussion boards, etc) all fail to be connected to. I've tested this in Google and Firefox, and end up with the same result: Firefox will time out performing a TLS handshake with HTTPS sites, and Chrome just seems to get an empty response back after a long time. Disabling web protection resolves the problem immediately. Note that I'm also using ESET Internet Security alongside MBAM and have had zero issues until last night. If I can provide any more info, please let me know!
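The symptoms in posts 2 and 5 above (ping succeeds, Firefox times out in the TLS handshake, Chrome eventually gets an empty response) are easiest to narrow down one layer at a time, because ICMP ping exercises none of the three steps a browser actually performs. The script below is an added example, not code from the original posts or from Malwarebytes or ESET: it runs DNS resolution, the TCP connect and the TLS handshake separately and reports the first step that fails, which tells you where a filter driver is holding the connection. The resolver/connector/handshaker parameters and the example.test host are assumptions that exist so the logic can be exercised offline with fakes.

```python
"""Layer-by-layer connectivity triage (added example, not from the thread).

A browser failure can come from DNS, from the TCP connect, or from the TLS
handshake. ICMP ping touches none of these, so "ping works but the browser
times out" does not say which layer is being blocked. This script tries each
layer in turn and reports the first one that fails. Standard library only;
the resolver/connector/handshaker parameters are injection points so the
logic can be tested offline with fakes (an assumption of this example).
"""
import socket
import ssl
import sys
from dataclasses import dataclass, field
from typing import Callable, List


@dataclass
class TriageResult:
    host: str
    port: int
    addresses: List[str] = field(default_factory=list)
    dns_ok: bool = False
    tcp_ok: bool = False
    tls_ok: bool = False
    error: str = ""

    def failing_layer(self) -> str:
        """Return the first layer that failed, or 'OK' when all three passed."""
        if not self.dns_ok:
            return "DNS"
        if not self.tcp_ok:
            return "TCP"
        if not self.tls_ok:
            return "TLS"
        return "OK"


def default_resolver(host: str, port: int) -> List[str]:
    """Resolve host through the system resolver; returns IP literals."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def default_connector(ip: str, port: int, timeout: float) -> socket.socket:
    """Plain TCP connect; raises OSError on timeout, refusal or unreachable."""
    return socket.create_connection((ip, port), timeout=timeout)


def default_handshaker(sock: socket.socket, host: str, timeout: float) -> None:
    """Run a certificate-validating TLS handshake over a connected socket."""
    ctx = ssl.create_default_context()
    sock.settimeout(timeout)
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        tls.getpeercert()  # only reachable once the handshake completed


def triage(host: str, port: int = 443, timeout: float = 5.0,
           resolver: Callable = default_resolver,
           connector: Callable = default_connector,
           handshaker: Callable = default_handshaker) -> TriageResult:
    """Exercise DNS, TCP and TLS in order, stopping at the first failure."""
    result = TriageResult(host=host, port=port)
    try:
        result.addresses = resolver(host, port)
    except OSError as exc:
        result.error = f"DNS: {exc}"
        return result
    if not result.addresses:
        result.error = "DNS: no addresses returned"
        return result
    result.dns_ok = True

    try:
        sock = connector(result.addresses[0], port, timeout)
    except OSError as exc:
        result.error = f"TCP: {exc}"
        return result
    result.tcp_ok = True

    try:
        handshaker(sock, host, timeout)
        result.tls_ok = True
    except OSError as exc:  # ssl.SSLError is an OSError subclass
        result.error = f"TLS: {exc}"
    finally:
        sock.close()
    return result


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    r = triage(target)
    print(f"{target}: {r.failing_layer()} {r.error or r.addresses}")
```

Run it against a site that fails with web protection on and again with it off; a result that stops at TCP points at a filter driver dropping the SYN or its reply, while a stall at TLS (the Firefox symptom in post 5) means the connection was accepted but the handshake bytes never came back.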
  6. Thanks Screen for taking your time to help me! While not strictly related to the "port 4444" problem, I've been noticing some other odd outgoing connections in the 216.246.75.* range, which resolve to "unknown.scnet.net". svchost.exe is also initiating these connections. I see them immediately after logging onto my desktop. It's usually just a single connection which closes after a while, but after adding a log rule to Comodo I see "windows operating system" trying to connect to an "unknown.scnet.net" address again. Some of the addresses I've seen are 216.246.75.122, 216.246.75.123, 216.246.75.131 and 216.246.75.236. The source ports seem to be in the 50000s and the destination port is 80. I'm not sure what to make of this... even after all the scans we've run I'm still concerned something is trying to "phone home"!
  7. Thanks screen317! Yes, I had MSSE installed alongside Avast, but after getting the pro version of MBAM I decided MSSE was overkill and I disabled the startup item and the MSSE service. I figured I could still use it as an on-demand scanner, but I've uninstalled it now. Here are the scan logs. The ESET scanner log only had three lines. I did run it once at the beginning of May, could that be the cause?

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     esets_scanner_update returned -1 esets_gle=53251

     Results of screen317's Security Check version 0.99.13
     Windows 7 Service Pack 1 (UAC is enabled)
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     avast! Internet Security
     ESET Online Scanner v3
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner
     Java 6 Update 26
     Adobe Flash Player 10.3.181.22
     Adobe Reader X (10.0.1)
     Mozilla Firefox (x86 en-US..)
     Mozilla Thunderbird (3.1.10) Thunderbird Out of Date!
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Malwarebytes' Anti-Malware mbamservice.exe
     Malwarebytes' Anti-Malware mbamgui.exe
     Comodo Firewall cmdagent.exe
     Comodo Firewall cfp.exe
     system32 OnlineCmdLineScanner.exe -?-
     system32 AvastSvc.exe -?-
     AVAST Software Avast AvastUI.exe
     ``````````End of Log````````````

     I haven't noticed any more strange connections on port 4444 since I originally posted this topic, but after all these scans does it look like my PC is clean? I'm still unsure of what caused the outgoing connections in the first place. It seems odd that my PC would send connections directly to my router on port 4444, and that's mainly why I posted here. The time of the connections did coincide exactly with a Google Chrome update, and I'm wondering if the Google Updater is to blame here?
But again, why would svchost be sending connections to my router on port 4444? If I remember correctly from Comodo's Active Connections list, each connection to my router was 66 bytes in and out - single packets? I've seen nothing unusual in the router logs or Comodo. I've actually added a block + log rule so any outgoing/incoming connections on destination port 4444 are blocked - nothing yet! Thanks for taking your time to help me!
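Posts 6 and 7 above describe the raw observations (svchost.exe reaching 216.246.75.x on port 80 from source ports in the 50000s, 66-byte exchanges with the router on port 4444, a block-and-log rule added in Comodo). The script below is an added example, not code from the thread or from Comodo, that turns those observations into repeatable defender-side checks over a connection log: a watch list of destination ports, system processes talking to public addresses, and tiny exchanges on non-web ports, plus a count of repeat destinations so a once-per-logon beacon stands out. The CSV layout, the sample lines, the watch-listed port and the process names are constructed for this example; Comodo's real export format is not reproduced, so parse_log() is the only function to adapt for a real export.

```python
"""Flag suspicious outbound connections in a firewall log (added example).

The thread asks whether svchost.exe reaching 216.246.75.x on port 80 and
66-byte exchanges with the router on port 4444 deserve attention. This
script applies three defender-side checks to a connection log and
summarises repeat destinations. The CSV layout below is constructed for
this example and is NOT Comodo's export format; adapt parse_log() to the
real source.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample log (assumption, not real Comodo output). Columns:
# ts,app,direction,proto,src_ip,src_port,dst_ip,dst_port,bytes_out,bytes_in
SAMPLE_LOG = """\
2011-06-12 08:01:10,svchost.exe,out,TCP,192.168.0.5,50231,216.246.75.122,80,412,1980
2011-06-12 08:01:12,Windows Operating System,out,TCP,192.168.0.5,50240,216.246.75.131,80,0,0
2011-06-12 08:02:03,svchost.exe,out,TCP,192.168.0.5,49810,192.168.0.1,4444,66,66
2011-06-12 08:02:03,svchost.exe,out,TCP,192.168.0.5,49811,192.168.0.1,4444,66,66
2011-06-12 08:05:44,chrome.exe,out,TCP,192.168.0.5,50301,74.125.226.100,443,1500,20100
"""

WATCHED_PORTS = {4444}  # assumption: ports the analyst wants called out
SYSTEM_PROCESSES = {"svchost.exe", "windows operating system"}
WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class Conn:
    ts: str
    app: str
    direction: str
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    bytes_out: int
    bytes_in: int


def parse_log(text: str) -> List[Conn]:
    """Parse the constructed CSV layout; malformed rows are skipped, not fatal."""
    conns = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(",")
        if len(f) != 10:
            continue
        conns.append(Conn(f[0], f[1], f[2], f[3], f[4], int(f[5]),
                          f[6], int(f[7]), int(f[8]), int(f[9])))
    return conns


def is_private(ip: str) -> bool:
    """True for RFC 1918 / loopback / link-local style addresses."""
    return ipaddress.ip_address(ip).is_private


def flag(c: Conn) -> List[str]:
    """Return the list of reasons a connection deserves a second look."""
    reasons = []
    if c.dst_port in WATCHED_PORTS:
        reasons.append(f"destination port {c.dst_port} is on the watch list")
    if c.app.lower() in SYSTEM_PROCESSES and not is_private(c.dst_ip):
        reasons.append("system process contacting a public address; "
                       "confirm it is a known update or telemetry host")
    if (c.direction == "out" and c.dst_port not in WEB_PORTS
            and c.bytes_out <= 100 and c.bytes_in <= 100):
        reasons.append("tiny exchange on a non-web port (probe or keep-alive)")
    return reasons


def analyze(text: str) -> Dict[str, object]:
    """Return flagged connections with reasons plus a per-destination count."""
    conns = parse_log(text)
    alerts = []
    for c in conns:
        reasons = flag(c)
        if reasons:
            alerts.append((c, reasons))
    summary = Counter((c.app, c.dst_ip, c.dst_port) for c in conns)
    return {"alerts": alerts, "summary": summary}


if __name__ == "__main__":
    out = analyze(SAMPLE_LOG)
    for c, reasons in out["alerts"]:
        print(f"{c.ts} {c.app} -> {c.dst_ip}:{c.dst_port}  " + "; ".join(reasons))
    for (app, ip, port), n in out["summary"].most_common():
        print(f"{n:3d}x {app} -> {ip}:{port}")
```

On the constructed sample the two router connections on port 4444 are flagged twice over (watch-listed port and a 66-byte exchange on a non-web port), the svchost.exe and "Windows Operating System" connections to 216.246.75.x are flagged for review rather than as malicious, and the Chrome HTTPS session is left alone; the per-destination count is what distinguishes a one-off from a beacon that recurs at every logon.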
  8. Hi Screen317, thanks very much for your help, it's greatly appreciated! Sorry about the code boxes, I didn't realize they would end up all colorized and hard to read like that! Here are the scan results you asked me to run - I wasn't sure if you wanted Attach.txt from DDS so I zipped and attached it just in case.

     Malwarebytes' Anti-Malware 1.51.0.1200
     www.malwarebytes.org

     Database version: 6838

     Windows 6.1.7601 Service Pack 1
     Internet Explorer 9.0.8112.16421

     6/12/2011 2:28:07 AM
     mbam-log-2011-06-12 (02-28-07).txt

     Scan type: Quick scan
     Objects scanned: 143765
     Time elapsed: 3 minute(s), 14 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     .
     DDS (Ver_2011-06-03.01) - NTFSx86
     Internet Explorer: 9.0.8112.16421
     Run by Rick at 2:47:37 on 2011-06-12
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3069.1750 [GMT -4:00]
     .
     AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
     SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
     FW: avast!
Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\vcsFPService.exe C:\Windows\system32\WLANExt.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\DigitalPersona\Bin\DpHostW.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\aestsrv.exe C:\Program Files\Secunia\PSI\sua.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Battery Status\BattStat.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Panda USB Vaccine\USBVaccine.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\COMODO\COMODO Internet Security\cfp.exe 
C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Sandboxie\SbieCtrl.exe C:\Windows\System32\StikyNot.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conhost.exe C:\Program Files\Sandboxie\SandboxieRpcSs.exe C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Sandboxie\SandboxieCrypto.exe C:\Windows\System32\rundll32.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Syncplicity\Syncplicity.exe C:\Windows\explorer.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll uRun: [syncplicity] c:\program files\syncplicity\Syncplicity.exe uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe" uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe uRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe /fu "c:\windows\temp\E_SB9B7.tmp" /EF "HKCU" uRun: [Google Update] "c:\users\rick\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: LastPass - 
file://c:\program files\lastpass\context.html?cmd=lastpass IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{BE058F8F-6828-47D5-8D1E-D43597911C92} : DhcpNameServer = 192.168.0.1 Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll AppInit_DLLs: c:\windows\system32\guard32.dll LSA: Notification Packages = scecli DPPWDFLT . ================= FIREFOX =================== . FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\u1h5flix.default\ FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\users\rick\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll . ============= SERVICES / DRIVERS =============== . 
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-27 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-27 307928] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 37592] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-5-8 81920] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-27 19544] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-27 53592] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-10 42184] R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-28 366640] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416] R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-23 1799472] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-5-8 227896] R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2011-5-8 65360] R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-5-26 136304] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-28 22712] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-5-8 139368] R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336] S2 
clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776] S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-28 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-27 1343400] . =============== Created Last 30 ================ . 
2011-06-01 23:49:44 -------- d-----w- c:\programdata\Panda Security 2011-06-01 23:49:40 -------- d-----w- c:\program files\Panda USB Vaccine 2011-06-01 04:11:44 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5566af0e-364f-4675-ae1b-e35ef2c92604}\mpengine.dll 2011-05-30 02:35:30 -------- d-----w- c:\program files\ArdfryImaging 2011-05-26 00:42:24 -------- d-----w- c:\windows\system32\appmgmt 2011-05-24 18:19:57 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-21 05:43:22 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll 2011-05-21 05:43:19 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{638143b9-2f99-4cc5-8343-536f58a8d470}\gapaengine.dll 2011-05-19 05:59:36 -------- d-----w- c:\windows\pss 2011-05-19 05:57:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-19 05:51:49 -------- d-----w- c:\users\rick\appdata\local\Secunia PSI 2011-05-19 05:51:41 -------- d-----w- c:\program files\Secunia 2011-05-19 04:32:48 -------- d-----w- c:\program files\Battery Status 2011-05-18 03:58:12 -------- d-----r- C:\Sandbox 2011-05-18 03:56:01 -------- d-----w- c:\program files\Sandboxie 2011-05-17 04:48:34 53248 ----a-r- c:\users\rick\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe 2011-05-17 04:48:20 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-05-17 04:45:43 -------- d-----w- c:\users\rick\appdata\roaming\Logishrd 2011-05-17 04:40:09 80024 ----a-w- c:\windows\system32\PICSDK.dll 2011-05-17 04:40:09 51360 ----a-w- c:\windows\system32\EpPicPrt.dll 2011-05-17 04:40:09 51360 ----a-w- c:\windows\system32\EpPicMgr.dll 2011-05-17 04:40:09 501912 ----a-w- c:\windows\system32\PICSDK2.dll 2011-05-17 04:40:09 108704 ----a-w- c:\windows\system32\PICEntry.dll 2011-05-17 04:40:01 -------- d-----w- c:\programdata\EPSON 2011-05-17 04:39:05 76800 ----a-w- 
c:\windows\system32\E_FLBADA.DLL 2011-05-17 04:39:03 62976 ----a-w- c:\windows\system32\E_FD4BADA.DLL 2011-05-17 04:38:25 -------- d-----w- c:\program files\epson 2011-05-17 04:38:24 61952 ----a-w- c:\windows\system32\escwiad.dll 2011-05-16 21:04:58 -------- d-----w- c:\users\rick\appdata\roaming\Softland 2011-05-16 21:04:56 23376 ----a-w- c:\windows\system32\dopdfmn7.dll 2011-05-16 21:04:56 20816 ----a-w- c:\windows\system32\dopdfmi7.dll 2011-05-16 21:04:55 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2011-05-16 21:04:52 -------- d-----w- c:\program files\Softland . ==================== Find3M ==================== . 2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-05-09 03:25:11 6656 ----a-w- c:\windows\system32\bcmwlrc.dll 2011-05-09 03:25:09 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll 2011-05-09 03:25:09 3555328 ----a-w- c:\windows\system32\bcmihvui.dll 2011-05-09 03:25:09 2710592 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS 2011-05-09 03:25:08 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll 2011-05-03 00:36:44 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2011-05-03 00:36:42 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2011-05-03 00:36:42 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys 2011-05-03 00:36:04 284744 ----a-w- c:\windows\system32\guard32.dll 2011-04-28 17:04:45 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-04-28 04:43:47 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2011-04-28 03:52:48 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-26 19:10:34 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-04-26 19:10:34 122224 ----a-w- 
c:\windows\system32\drivers\VBoxNetFlt.sys 2011-04-26 19:10:34 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-04-26 19:10:32 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-04-26 19:10:32 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll 2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-04-08 02:43:36 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll 2011-04-08 02:43:34 66664 ----a-w- c:\windows\system32\nvshext.dll 2011-04-08 02:43:34 612456 ----a-w- c:\windows\system32\nvvsvc.exe 2011-04-08 02:43:34 293992 ----a-w- c:\windows\system32\nvhotkey.dll 2011-04-08 02:43:34 2582120 ----a-w- c:\windows\system32\nvsvcr.dll 2011-04-08 02:43:34 111208 ----a-w- c:\windows\system32\nvmctray.dll 2011-04-08 02:43:20 3701352 ----a-w- c:\windows\system32\nvcpl.dll 2011-04-08 02:43:04 2565224 ----a-w- c:\windows\system32\nvsvc.dll 2011-03-29 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll 2011-03-25 02:58:37 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2011-03-25 02:58:07 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2011-03-25 02:58:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2011-03-25 02:57:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys 2011-03-25 02:57:56 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2011-03-25 02:57:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys 2011-03-24 19:35:18 243200 ----a-w- c:\windows\system32\xvidvfw.dll 2011-03-24 19:28:12 631808 ----a-w- c:\windows\system32\xvidcore.dll 2011-03-19 19:00:38 151552 ----a-w- c:\windows\system32\ac3acm.acm . ============= FINISH: 2:49:55.99 =============== ComboFix 11-06-11.01 - Rick 06/12/2011 3:04.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3069.2039 [GMT -4:00] Running from: c:\users\Rick\Downloads\ComboFix.exe AV: avast! 
Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 ))))))))))))))))))))))))))))))) . . 2011-06-12 07:21 . 2011-06-12 07:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-01 23:49 . 2011-06-01 23:49 -------- d-----w- c:\programdata\Panda Security 2011-06-01 23:49 . 2011-06-01 23:49 -------- d-----w- c:\program files\Panda USB Vaccine 2011-06-01 04:11 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5566AF0E-364F-4675-AE1B-E35EF2C92604}\mpengine.dll 2011-05-30 02:35 . 2011-05-30 02:35 -------- d-----w- c:\program files\ArdfryImaging 2011-05-24 18:19 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-21 05:43 . 2011-04-29 04:15 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2011-05-21 05:43 . 2011-04-29 04:15 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{638143B9-2F99-4CC5-8343-536F58A8D470}\gapaengine.dll 2011-05-19 05:57 . 2011-06-07 02:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-19 05:51 . 2011-05-19 05:51 -------- d-----w- c:\users\Rick\AppData\Local\Secunia PSI 2011-05-19 05:51 . 
2011-05-19 05:51 -------- d-----w- c:\program files\Secunia 2011-05-19 04:32 . 2011-05-19 04:32 -------- d-----w- c:\program files\Battery Status 2011-05-18 03:58 . 2011-05-18 03:58 -------- d-----r- C:\Sandbox 2011-05-18 03:56 . 2011-05-18 03:56 -------- d-----w- c:\program files\Sandboxie 2011-05-17 04:48 . 2011-05-17 04:48 -------- d-----w- c:\users\Rick\AppData\Roaming\Leadertech 2011-05-17 04:48 . 2011-05-17 04:48 53248 ----a-r- c:\users\Rick\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-05-17 04:48 . 2011-05-17 04:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-05-17 04:47 . 2011-05-17 04:53 -------- d-----w- c:\programdata\Logishrd 2011-05-17 04:47 . 2011-05-17 04:47 -------- d-----w- c:\program files\Logitech 2011-05-17 04:46 . 2011-05-17 04:48 -------- d-----w- c:\program files\Common Files\Logishrd 2011-05-17 04:45 . 2011-05-17 04:53 -------- d-----w- c:\users\Rick\AppData\Roaming\Logitech 2011-05-17 04:45 . 2011-05-17 04:45 -------- d-----w- c:\users\Rick\AppData\Roaming\Logishrd 2011-05-17 04:40 . 2006-10-31 04:10 51360 ----a-w- c:\windows\system32\EpPicPrt.dll 2011-05-17 04:40 . 2006-10-31 04:10 51360 ----a-w- c:\windows\system32\EpPicMgr.dll 2011-05-17 04:40 . 2006-10-20 04:10 80024 ----a-w- c:\windows\system32\PICSDK.dll 2011-05-17 04:40 . 2006-10-20 04:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll 2011-05-17 04:40 . 2006-10-20 04:10 108704 ----a-w- c:\windows\system32\PICEntry.dll 2011-05-17 04:40 . 2011-05-17 04:40 -------- d-----w- c:\users\Rick\AppData\Roaming\InstallShield 2011-05-17 04:40 . 2011-05-17 04:40 -------- d-----w- c:\programdata\EPSON 2011-05-17 04:39 . 2006-12-08 06:04 76800 ----a-w- c:\windows\system32\E_FLBADA.DLL 2011-05-17 04:39 . 2006-04-19 06:00 62976 ----a-w- c:\windows\system32\E_FD4BADA.DLL 2011-05-17 04:38 . 2011-05-17 04:38 -------- d-----w- c:\program files\epson 2011-05-17 04:38 . 
  9. Hi guys, I originally posted about this here, but I was recommended to post in here to make sure everything is ok. In short, two days ago I was browsing the web (trusted site) and saw over 100 outgoing connections from my PC to my router (Dlink DIR 655) on port 4444. I saw the connections in Comodo Firewall's active connections list. I've scanned with both Avast (boot-time scan) and MBAM (quick and full); both have come up clean, but I'm worried something might be wrong here. Thank you guys for your help!

Here is my MBAM quick scan log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6821

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/9/2011 3:48:40 PM
mbam-log-2011-06-09 (15-48-40).txt

Scan type: Quick scan
Objects scanned: 143492
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

Here is my DDS log:

DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Rick at 16:06:24 on 2011-06-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3069.1587 [GMT -4:00]

AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
c:\windows\system32\nvmctray.dll 2011-04-08 02:43:20 3701352 ----a-w- c:\windows\system32\nvcpl.dll 2011-04-08 02:43:04 2565224 ----a-w- c:\windows\system32\nvsvc.dll 2011-03-29 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll 2011-03-24 19:35:18 243200 ----a-w- c:\windows\system32\xvidvfw.dll 2011-03-24 19:28:12 631808 ----a-w- c:\windows\system32\xvidcore.dll 2011-03-19 19:00:38 151552 ----a-w- c:\windows\system32\ac3acm.acm 2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll . ============= FINISH: 16:08:31.83 =============== Attach.zip
  10. Hi guys! Last night I ran into a weird connection issue which I'm not sure is malware related. First off, let me say that I'm always careful when browsing the interwebs - I only visit a handful of trusted sites, including a forum that I run, I never visit questionable sites, never open attachments except when I absolutely trust the contents, and I run Chrome with JS and plugins disabled unless I absolutely trust the site. I also run Avast Internet Security (minus firewall), Comodo Internet Security, and MBAM Pro (recent convert from free). I scan regularly with both Avast and MBAM, several times per week, just in case something slipped by. I also run Chrome sandboxed with Sandboxie. No one has access to my PC other than me. So anyways, I was browsing with Chrome last night (my forum), got up to grab a snack, came back, and noticed some hard drive activity (HDD indicator light was on). I opened Comodo's active connection log and spotted over 100 connections from my PC to port 4444 of my router, a D-Link DIR-655. I immediately scanned with MBAM and Avast - both scans came up clean. I also scanned again today, did an Avast boot-time scan, and a full scan with MBAM - still clean. Now, the Speedguide page for port 4444 indicates a bunch of nasties use that port, and some legit software. But MBAM/Avast would have detected those things, correct? And those nasties would connect to a remote address, not my router, right? I haven't seen any connections to port 4444 since last night. There aren't any programs listening for connections, but I've blocked any connections to port 4444 (ingress and egress) for now. I noticed that Chrome background-updated last night around the same time this happened. Is it possible that's what happened? I might be overly paranoid, but I just want to make sure that something isn't wrong. Thanks guys for any advice!
  11. Thanks for the link, I'll check that out! I probably should have been more clear about my program setup. Avast Internet Security is my AV and the firewall module is not installed. Only the firewall part of Comodo is installed, without the AV. That should be OK, right?
  12. Hey all! First I wanted to say that MBAM is awesome! I've been using it since 2009, both on my own PC as well as on friends' and family members' PCs to rid them of malware, and it has always done its job well. Thank you for creating such a great product! I'm considering buying the Pro version for the extra layer of protection, and to support development of one of the best anti-spyware tools out there. I just wanted to make sure it'll play nice with my current security software. I'm running Windows 7 with 3GB RAM and have the following programs installed: Avast Internet Security, Microsoft Security Essentials, and Comodo Internet Security. I'm mainly concerned with the Avast + MSSE + MBAM Pro combo - will these programs work OK together? I'm one of the paranoid-about-security types. I never open email attachments unless I know they're safe, I don't visit shady websites (if I do, I'll use a VM), and I don't install/run dubious software. So maybe I don't *need* the extra protection, but you can never be too safe! Helping to support MBAM is cool too.