Eleventeen
Posts posted by Eleventeen

  1. @Maurice Naggar this behavior is across all 3 browsers: Chrome, Firefox and Edge.

    @dcollins That was actually the FIRST thing I did last night when I started having issues and couldn't even connect to my router -- I disabled ESET's firewall and web filtering modules, but still had the same issue. I've just disabled all of the modules in ESET, which is about as close to disabling the software as you can get without uninstalling it (I think...), enabled MBAM's web protection and still have the same problem. The only thing that resolves the problem is disabling the web protection in MBAM.

    A couple of observations:

    • I'm able to ping the domains that I can't connect to when web protection is enabled, and things generally look fine. However the browser can't connect to those same domains.
    • If I disable web protection, visit a site that I can't connect to with web protection enabled, and then re-enable web protection, the browser is able to connect to that site. This persists even if caches are cleared, or the browser is closed. A system restart results in no sites being accessible. I wonder if this is DNS related?
    • With web protection on, ESET cannot connect to its update server.
  2. I'm having the same issue as DimDiam, as of last night. I'm unable to access most websites with MBAM (Premium) web protection enabled. It seems like only Google websites and Reddit, and perhaps 1 or 2 others that I tried are accessible. Otherwise, other reputable websites (news, games, discussion boards, etc) all fail to be connected to. I've tested this in Google and Firefox, and end up with the same result: Firefox will time out performing a TLS handshake with HTTPS sites, and Chrome just seems to get an empty response back after a long time. Disabling web protection resolves the problem immediately.

    Note that I'm also using ESET Internet Security alongside MBAM and have had zero issues until last night.

    If I can provide any more info, please let me know!
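The two posts above describe the same symptom from different angles: ping and DNS succeed, Chrome gets an empty response, Firefox times out in the TLS handshake, and everything recovers the moment web protection is switched off. The following is an added example, not code from the original thread or from Malwarebytes or ESET. It probes a host one layer at a time (name resolution, TCP connect, TLS handshake) and reports the first layer that fails, which is the measurement a practitioner wants before guessing at DNS. The three steps are injectable so the decision logic runs offline; the `simulated_scenarios()` stand-ins, the 203.0.113.10 address and the "Example CA" issuer are constructed for the example.

```python
"""Layered connectivity probe: DNS, then TCP connect, then TLS handshake.

Added example; it is not from the original thread, from Malwarebytes or
from ESET. It separates the three places a "site will not load" failure
can occur, so "ping works but the browser times out" can be narrowed to
one layer instead of being guessed at.
"""
import socket
import ssl
import sys


def default_resolve(host):
    return socket.gethostbyname(host)


def default_connect(ip, port, timeout):
    return socket.create_connection((ip, port), timeout=timeout)


def default_handshake(sock, host, timeout):
    """Complete a TLS handshake and return the issuer organisation of the
    server certificate. A filter that re-signs certificates shows up here
    as its own issuer name; one that silently drops the connection shows
    up as a timeout in the caller."""
    ctx = ssl.create_default_context()
    sock.settimeout(timeout)
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
    return issuer.get("organizationName", "?")


def diagnose(host, port=443, timeout=5.0,
             resolve=default_resolve, connect=default_connect,
             handshake=default_handshake):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok',
    naming the first layer that failed. The three steps are injectable
    so the logic can be exercised offline."""
    try:
        ip = resolve(host)
    except OSError as exc:
        return "dns", f"{host}: {exc}"
    try:
        sock = connect(ip, port, timeout)
    except OSError as exc:
        return "tcp", f"{ip}:{port}: {exc}"
    try:
        with sock:
            issuer = handshake(sock, host, timeout)
    except (OSError, ssl.SSLError) as exc:
        return "tls", f"{ip}:{port}: {type(exc).__name__} {exc}"
    return "ok", f"{ip}:{port}: certificate issuer {issuer}"


def simulated_scenarios():
    """Offline stand-ins (constructed, no network) for the two states the
    thread describes: handshake hangs with web protection on, completes
    with it off. 203.0.113.10 is a documentation address, not a real host."""
    def fake_resolve(host):
        return "203.0.113.10"

    def fake_connect(ip, port, timeout):
        return socket.socket()          # never connected; only needs close()

    def hung_handshake(sock, host, timeout):
        raise socket.timeout("timed out")

    def good_handshake(sock, host, timeout):
        return "Example CA"

    return {
        "protection_on": diagnose("www.example.com", resolve=fake_resolve,
                                  connect=fake_connect, handshake=hung_handshake),
        "protection_off": diagnose("www.example.com", resolve=fake_resolve,
                                   connect=fake_connect, handshake=good_handshake),
    }


if __name__ == "__main__":
    for host in sys.argv[1:] or ["www.example.com"]:
        stage, detail = diagnose(host)
        print(f"{host:30} {stage:4} {detail}")
```

Run it against one of the failing sites with web protection on, then again with it off. If the resolved address is the same both times and the stage moves from `tls` to `ok`, the fault is after DNS and after the TCP connect, which is consistent with the observation that ping works and that Firefox stalls in the handshake. If the handshake completes but the issuer name is not the site's public CA, something on the path is re-signing certificates; a bare timeout means the connection is being dropped rather than inspected.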

  3. Thanks Screen for taking your time to help me!

    While not strictly related to the "port 4444" problem, I've been noticing some other odd outgoing connections in the 216.246.75.* range, which resolve to "unknown.scnet.net". svchost.exe is also initiating these connections. I see them immediately after logging onto my desktop. It's usually just a single connection which closes after a while, but after adding a log rule to Comodo I see "windows operating system" trying to connect to an "unknown.scnet.net" address again. Some of the addresses I've seen are:

    216.246.75.122

    216.246.75.123

    216.246.75.131

    216.246.75.236

    The source ports seem to be in the 50000s and the destination port is 80.

    I'm not sure what to make of this... even after all the scans we've run I'm still concerned something is trying to "phone home"! :huh:
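The post above (and the port 4444 question it refers back to, which the next post revisits) is a triage problem: a pile of connection records, a couple of things that look odd, and no way yet to tell a one-off from a pattern. The following is an added example, not from the original thread or from Comodo. It takes connection records of the shape a personal firewall export or `netstat -b -o` gives (process, direction, protocol, source, destination), flags the two items the thread singles out (destination port 4444 and the 216.246.75.0/24 range), and clusters records by process and destination /24 so repeated hits to one range read as one pattern. The records, the 192.168.0.5 client address and the 198.51.100.7 destination are constructed for the example; the watchlist and the list of "normal" LAN ports are the example's own assumptions.

```python
"""Triage of outbound-connection records against a small watchlist.

Added example, not from the original thread or from Comodo. Records are
one per line: process, direction, protocol, src ip:port, dst ip:port.
The process name may contain spaces ("Windows Operating System"), so the
line is split from the right. IPv4 only is assumed for the /24 clustering.
"""
import ipaddress
from collections import Counter

# From the thread: the port and the address range the poster is worried about.
WATCHED_PORTS = {4444}
WATCHED_NETS = [ipaddress.ip_network("216.246.75.0/24")]
# Assumption for this example: ports a home router is normally expected to serve.
COMMON_LAN_PORTS = {53, 67, 68, 80, 137, 138, 139, 443, 445, 1900, 5353}

# Constructed sample records (not a real firewall export).
SAMPLE_RECORDS = """
svchost.exe OUT TCP 192.168.0.5:50123 216.246.75.122:80
svchost.exe OUT TCP 192.168.0.5:50124 216.246.75.131:80
svchost.exe OUT TCP 192.168.0.5:50130 192.168.0.1:4444
chrome.exe OUT TCP 192.168.0.5:50131 198.51.100.7:443
svchost.exe OUT TCP 192.168.0.5:50132 216.246.75.236:80
Windows Operating System OUT TCP 192.168.0.5:50140 216.246.75.123:80
"""


def parse(text):
    """Turn the text records into dicts with parsed addresses and ports."""
    records = []
    for line in text.strip().splitlines():
        proc, direction, proto, src, dst = line.rsplit(None, 4)
        sip, sport = src.rsplit(":", 1)
        dip, dport = dst.rsplit(":", 1)
        records.append({"proc": proc, "dir": direction, "proto": proto,
                        "src": ipaddress.ip_address(sip), "sport": int(sport),
                        "dst": ipaddress.ip_address(dip), "dport": int(dport)})
    return records


def reasons(rec):
    """Why a record deserves a closer look; empty list means it does not."""
    why = []
    if rec["dport"] in WATCHED_PORTS:
        why.append(f"watched port {rec['dport']}")
    if any(rec["dst"] in net for net in WATCHED_NETS):
        why.append(f"watched range {rec['dst']}")
    if rec["dst"].is_private and rec["dport"] not in COMMON_LAN_PORTS:
        why.append("LAN destination on an unusual port")
    return why


def triage(text):
    """Return (flagged, clusters): flagged is [(record, reasons)], clusters
    counts records per (process, destination /24)."""
    records = parse(text)
    flagged = []
    for rec in records:
        why = reasons(rec)
        if why:
            flagged.append((rec, why))
    clusters = Counter(
        (rec["proc"], str(ipaddress.ip_network(f"{rec['dst']}/24", strict=False)))
        for rec in records)
    return flagged, clusters


if __name__ == "__main__":
    flagged, clusters = triage(SAMPLE_RECORDS)
    for rec, why in flagged:
        print(f"{rec['proc']:28} -> {rec['dst']}:{rec['dport']:<5} {'; '.join(why)}")
    print()
    for (proc, net), n in clusters.most_common():
        print(f"{n:3}  {proc:28} {net}")
```

The script only narrows which records are worth the effort; it does not say what svchost.exe was doing. Because svchost.exe hosts many services, the next step on the Windows side is to take the owning PID from `netstat -b -o` and map it to a service group with `tasklist /svc`, which turns "svchost.exe to port 80" into a specific service that can be judged on its own. Single, short-lived port 80 connections right after logon are also what software update checks look like, so the cluster count matters more than any one line.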

    Thanks screen317! Yes, I had MSSE installed alongside Avast, but after getting the pro version of MBAM I decided MSSE was overkill and I disabled the startup item and the MSSE service. I figured I could still use it as an on-demand scanner, but I've uninstalled it now. Here are the scan logs:

    The ESET scanner log only had three lines. I did run it once at the beginning of May, could that be the cause?:

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    esets_scanner_update returned -1 esets_gle=53251

    Results of screen317's Security Check version 0.99.13

    Windows 7 Service Pack 1 (UAC is enabled)

    Internet Explorer 8

    ``````````````````````````````

    Antivirus/Firewall Check:

    Windows Firewall Enabled!

    avast! Internet Security

    ESET Online Scanner v3

    WMI entry may not exist for antivirus; attempting automatic update.

    ```````````````````````````````

    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware

    CCleaner

    Java 6 Update 26

    Adobe Flash Player 10.3.181.22

    Adobe Reader X (10.0.1)

    Mozilla Firefox (x86 en-US..)

    Mozilla Thunderbird (3.1.10) Thunderbird Out of Date!

    ````````````````````````````````

    Process Check:

    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe

    Malwarebytes' Anti-Malware mbamgui.exe

    Comodo Firewall cmdagent.exe

    Comodo Firewall cfp.exe

    system32 OnlineCmdLineScanner.exe -?-

    system32 AvastSvc.exe -?-

    AVAST Software Avast AvastUI.exe

    ``````````End of Log````````````

    I haven't noticed any more strange connections on port 4444 since I originally posted this topic, but after all these scans does it look like my PC is clean?

    I'm still unsure of what caused the outgoing connections in the first place. It seems odd that my PC would send connections directly to my router on port 4444, and that's mainly why I posted here. The time of the connections did coincide exactly with a Google Chrome update, and I'm wondering if the Google Updater is to blame here? But again, why would svchost be sending connections to my router on port 4444? If I remember correctly from Comodo's Active Connections list, each connection to my router was 66 bytes in and out - single packets? I've seen nothing unusual in the router logs or Comodo. I've actually added a block + log rule so any outgoing/incoming connections on destination port 4444 are blocked - nothing yet!

    Thanks for taking your time to help me! :)

  5. Hi Screen317, thanks very much for your help, it's greatly appreciated! Sorry about the code boxes, I didn't realize they would end up all colorized and hard to read like that!

    Here are the scan results you asked me to run - I wasn't sure if you wanted Attach.txt from DDS so I zipped and attached it just in case.

    Malwarebytes' Anti-Malware 1.51.0.1200

    www.malwarebytes.org

    Database version: 6838

    Windows 6.1.7601 Service Pack 1

    Internet Explorer 9.0.8112.16421

    6/12/2011 2:28:07 AM

    mbam-log-2011-06-12 (02-28-07).txt

    Scan type: Quick scan

    Objects scanned: 143765

    Time elapsed: 3 minute(s), 14 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    .

    DDS (Ver_2011-06-03.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421

    Run by Rick at 2:47:37 on 2011-06-12

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3069.1750 [GMT -4:00]

    .

    AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Program Files\IDT\WDM\STacSV.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\Hpservice.exe

    C:\Program Files\Sandboxie\SbieSvc.exe

    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\vcsFPService.exe

    C:\Windows\system32\WLANExt.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\DigitalPersona\Bin\DpHostW.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\IDT\WDM\aestsrv.exe

    C:\Program Files\Secunia\PSI\sua.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Battery Status\BattStat.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Panda USB Vaccine\USBVaccine.exe

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\Logitech\SetPointP\SetPoint.exe

    C:\Program Files\DigitalPersona\Bin\DpAgent.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    C:\Program Files\Sandboxie\SbieCtrl.exe

    C:\Windows\System32\StikyNot.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    C:\Program Files\Apoint2K\ApMsgFwd.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\Sandboxie\SandboxieRpcSs.exe

    C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Sandboxie\SandboxieCrypto.exe

    C:\Windows\System32\rundll32.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Syncplicity\Syncplicity.exe

    C:\Windows\explorer.exe

    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll

    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

    uRun: [syncplicity] c:\program files\syncplicity\Syncplicity.exe

    uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"

    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

    uRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe /fu "c:\windows\temp\E_SB9B7.tmp" /EF "HKCU"

    uRun: [Google Update] "c:\users\rick\appdata\local\google\update\GoogleUpdate.exe" /c

    mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

    mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe

    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass

    IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms

    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    TCP: DhcpNameServer = 192.168.0.1

    TCP: Interfaces\{BE058F8F-6828-47D5-8D1E-D43597911C92} : DhcpNameServer = 192.168.0.1

    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    AppInit_DLLs: c:\windows\system32\guard32.dll

    LSA: Notification Packages = scecli DPPWDFLT

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\u1h5flix.default\

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\users\rick\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-27 441176]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-27 307928]

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]

    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 37592]

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

    R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-5-8 81920]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-27 19544]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-27 53592]

    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-10 42184]

    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-28 366640]

    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]

    R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-23 1799472]

    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-5-8 227896]

    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2011-5-8 65360]

    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-5-26 136304]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-28 22712]

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-5-8 139368]

    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]

    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-28 52224]

    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-27 1343400]

    .

    =============== Created Last 30 ================

    .

    2011-06-01 23:49:44 -------- d-----w- c:\programdata\Panda Security

    2011-06-01 23:49:40 -------- d-----w- c:\program files\Panda USB Vaccine

    2011-06-01 04:11:44 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5566af0e-364f-4675-ae1b-e35ef2c92604}\mpengine.dll

    2011-05-30 02:35:30 -------- d-----w- c:\program files\ArdfryImaging

    2011-05-26 00:42:24 -------- d-----w- c:\windows\system32\appmgmt

    2011-05-24 18:19:57 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

    2011-05-21 05:43:22 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

    2011-05-21 05:43:19 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{638143b9-2f99-4cc5-8343-536f58a8d470}\gapaengine.dll

    2011-05-19 05:59:36 -------- d-----w- c:\windows\pss

    2011-05-19 05:57:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-05-19 05:51:49 -------- d-----w- c:\users\rick\appdata\local\Secunia PSI

    2011-05-19 05:51:41 -------- d-----w- c:\program files\Secunia

    2011-05-19 04:32:48 -------- d-----w- c:\program files\Battery Status

    2011-05-18 03:58:12 -------- d-----r- C:\Sandbox

    2011-05-18 03:56:01 -------- d-----w- c:\program files\Sandboxie

    2011-05-17 04:48:34 53248 ----a-r- c:\users\rick\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe

    2011-05-17 04:48:20 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

    2011-05-17 04:45:43 -------- d-----w- c:\users\rick\appdata\roaming\Logishrd

    2011-05-17 04:40:09 80024 ----a-w- c:\windows\system32\PICSDK.dll

    2011-05-17 04:40:09 51360 ----a-w- c:\windows\system32\EpPicPrt.dll

    2011-05-17 04:40:09 51360 ----a-w- c:\windows\system32\EpPicMgr.dll

    2011-05-17 04:40:09 501912 ----a-w- c:\windows\system32\PICSDK2.dll

    2011-05-17 04:40:09 108704 ----a-w- c:\windows\system32\PICEntry.dll

    2011-05-17 04:40:01 -------- d-----w- c:\programdata\EPSON

    2011-05-17 04:39:05 76800 ----a-w- c:\windows\system32\E_FLBADA.DLL

    2011-05-17 04:39:03 62976 ----a-w- c:\windows\system32\E_FD4BADA.DLL

    2011-05-17 04:38:25 -------- d-----w- c:\program files\epson

    2011-05-17 04:38:24 61952 ----a-w- c:\windows\system32\escwiad.dll

    2011-05-16 21:04:58 -------- d-----w- c:\users\rick\appdata\roaming\Softland

    2011-05-16 21:04:56 23376 ----a-w- c:\windows\system32\dopdfmn7.dll

    2011-05-16 21:04:56 20816 ----a-w- c:\windows\system32\dopdfmi7.dll

    2011-05-16 21:04:55 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

    2011-05-16 21:04:52 -------- d-----w- c:\program files\Softland

    .

    ==================== Find3M ====================

    .

    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr

    2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2011-05-09 03:25:11 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

    2011-05-09 03:25:09 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll

    2011-05-09 03:25:09 3555328 ----a-w- c:\windows\system32\bcmihvui.dll

    2011-05-09 03:25:09 2710592 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS

    2011-05-09 03:25:08 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll

    2011-05-03 00:36:44 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

    2011-05-03 00:36:42 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

    2011-05-03 00:36:42 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

    2011-05-03 00:36:04 284744 ----a-w- c:\windows\system32\guard32.dll

    2011-04-28 17:04:45 152576 ----a-w- c:\windows\system32\msclmd.dll

    2011-04-28 04:43:47 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys

    2011-04-28 03:52:48 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-04-26 19:10:34 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

    2011-04-26 19:10:34 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

    2011-04-26 19:10:34 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

    2011-04-26 19:10:32 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

    2011-04-26 19:10:32 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

    2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

    2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe

    2011-04-08 02:43:36 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

    2011-04-08 02:43:34 66664 ----a-w- c:\windows\system32\nvshext.dll

    2011-04-08 02:43:34 612456 ----a-w- c:\windows\system32\nvvsvc.exe

    2011-04-08 02:43:34 293992 ----a-w- c:\windows\system32\nvhotkey.dll

    2011-04-08 02:43:34 2582120 ----a-w- c:\windows\system32\nvsvcr.dll

    2011-04-08 02:43:34 111208 ----a-w- c:\windows\system32\nvmctray.dll

    2011-04-08 02:43:20 3701352 ----a-w- c:\windows\system32\nvcpl.dll

    2011-04-08 02:43:04 2565224 ----a-w- c:\windows\system32\nvsvc.dll

    2011-03-29 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll

    2011-03-25 02:58:37 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

    2011-03-25 02:58:07 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

    2011-03-25 02:58:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    2011-03-25 02:57:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

    2011-03-25 02:57:56 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

    2011-03-25 02:57:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

    2011-03-24 19:35:18 243200 ----a-w- c:\windows\system32\xvidvfw.dll

    2011-03-24 19:28:12 631808 ----a-w- c:\windows\system32\xvidcore.dll

    2011-03-19 19:00:38 151552 ----a-w- c:\windows\system32\ac3acm.acm

    .

    ============= FINISH: 2:49:55.99 ===============

    ComboFix 11-06-11.01 - Rick 06/12/2011 3:04.1.2 - x86

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3069.2039 [GMT -4:00]

    Running from: c:\users\Rick\Downloads\ComboFix.exe

    AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

    SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))

    .

    .

    2011-06-12 07:21 . 2011-06-12 07:21 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-06-01 23:49 . 2011-06-01 23:49 -------- d-----w- c:\programdata\Panda Security

    2011-06-01 23:49 . 2011-06-01 23:49 -------- d-----w- c:\program files\Panda USB Vaccine

    2011-06-01 04:11 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5566AF0E-364F-4675-AE1B-E35EF2C92604}\mpengine.dll

    2011-05-30 02:35 . 2011-05-30 02:35 -------- d-----w- c:\program files\ArdfryImaging

    2011-05-24 18:19 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

    2011-05-21 05:43 . 2011-04-29 04:15 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2011-05-21 05:43 . 2011-04-29 04:15 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{638143B9-2F99-4CC5-8343-536F58A8D470}\gapaengine.dll

    2011-05-19 05:57 . 2011-06-07 02:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-05-19 05:51 . 2011-05-19 05:51 -------- d-----w- c:\users\Rick\AppData\Local\Secunia PSI

    2011-05-19 05:51 . 2011-05-19 05:51 -------- d-----w- c:\program files\Secunia

    2011-05-19 04:32 . 2011-05-19 04:32 -------- d-----w- c:\program files\Battery Status

    2011-05-18 03:58 . 2011-05-18 03:58 -------- d-----r- C:\Sandbox

    2011-05-18 03:56 . 2011-05-18 03:56 -------- d-----w- c:\program files\Sandboxie

    2011-05-17 04:48 . 2011-05-17 04:48 -------- d-----w- c:\users\Rick\AppData\Roaming\Leadertech

    2011-05-17 04:48 . 2011-05-17 04:48 53248 ----a-r- c:\users\Rick\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

    2011-05-17 04:48 . 2011-05-17 04:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

    2011-05-17 04:47 . 2011-05-17 04:53 -------- d-----w- c:\programdata\Logishrd

    2011-05-17 04:47 . 2011-05-17 04:47 -------- d-----w- c:\program files\Logitech

    2011-05-17 04:46 . 2011-05-17 04:48 -------- d-----w- c:\program files\Common Files\Logishrd

    2011-05-17 04:45 . 2011-05-17 04:53 -------- d-----w- c:\users\Rick\AppData\Roaming\Logitech

    2011-05-17 04:45 . 2011-05-17 04:45 -------- d-----w- c:\users\Rick\AppData\Roaming\Logishrd

    2011-05-17 04:40 . 2006-10-31 04:10 51360 ----a-w- c:\windows\system32\EpPicPrt.dll

    2011-05-17 04:40 . 2006-10-31 04:10 51360 ----a-w- c:\windows\system32\EpPicMgr.dll

    2011-05-17 04:40 . 2006-10-20 04:10 80024 ----a-w- c:\windows\system32\PICSDK.dll

    2011-05-17 04:40 . 2006-10-20 04:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll

    2011-05-17 04:40 . 2006-10-20 04:10 108704 ----a-w- c:\windows\system32\PICEntry.dll

    2011-05-17 04:40 . 2011-05-17 04:40 -------- d-----w- c:\users\Rick\AppData\Roaming\InstallShield

    2011-05-17 04:40 . 2011-05-17 04:40 -------- d-----w- c:\programdata\EPSON

    2011-05-17 04:39 . 2006-12-08 06:04 76800 ----a-w- c:\windows\system32\E_FLBADA.DLL

    2011-05-17 04:39 . 2006-04-19 06:00 62976 ----a-w- c:\windows\system32\E_FD4BADA.DLL

    2011-05-17 04:38 . 2011-05-17 04:38 -------- d-----w- c:\program files\epson

    2011-05-17 04:38 . 2006-10-13 04:00 61952 ----a-w- c:\windows\system32\escwiad.dll

    2011-05-16 21:04 . 2011-05-16 21:04 -------- d-----w- c:\users\Rick\AppData\Roaming\Softland

    2011-05-16 21:04 . 2011-04-27 19:47 23376 ----a-w- c:\windows\system32\dopdfmn7.dll

    2011-05-16 21:04 . 2011-04-27 19:47 20816 ----a-w- c:\windows\system32\dopdfmi7.dll

    2011-05-16 21:04 . 2010-02-05 19:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

    2011-05-16 21:04 . 2011-05-16 21:04 -------- d-----w- c:\program files\Softland

    2011-05-15 01:22 . 2011-05-15 01:22 -------- d-----w- c:\users\Public\Roaming

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-05-29 13:11 . 2011-04-28 04:05 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-05-29 13:11 . 2011-04-28 04:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-05-10 12:10 . 2011-04-28 01:47 40112 ----a-w- c:\windows\avastSS.scr

    2011-05-10 12:10 . 2011-04-28 01:47 199304 ----a-w- c:\windows\system32\aswBoot.exe

    2011-05-10 12:03 . 2011-04-28 01:49 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2011-05-10 12:03 . 2011-04-28 01:50 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2011-05-10 12:02 . 2011-04-28 01:49 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2011-05-10 11:59 . 2011-04-28 01:49 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2011-05-10 11:59 . 2011-04-28 01:49 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2011-05-10 11:59 . 2011-04-28 01:50 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2011-05-09 20:46 . 2011-04-29 06:35 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2011-05-09 03:25 . 2011-05-09 03:25 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

    2011-05-09 03:25 . 2011-05-09 03:25 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll

    2011-05-09 03:25 . 2011-05-09 03:25 3555328 ----a-w- c:\windows\system32\bcmihvui.dll

    2011-05-09 03:25 . 2011-05-09 03:25 2710592 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS

    2011-05-09 03:25 . 2011-05-09 03:25 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll

    2011-05-07 20:17 . 2011-05-07 20:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys

    2011-05-03 00:36 . 2011-05-03 00:36 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

    2011-05-03 00:36 . 2011-05-03 00:36 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

    2011-05-03 00:36 . 2011-05-03 00:36 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

    2011-05-03 00:36 . 2011-05-03 00:36 284744 ----a-w- c:\windows\system32\guard32.dll

    2011-04-28 17:04 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

    2011-04-28 04:43 . 2011-04-28 04:43 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys

    2011-04-28 03:52 . 2011-04-28 03:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-04-28 02:38 . 2011-04-28 02:38 86528 ----a-w- c:\windows\system32\iesysprep.dll

    2011-04-28 02:38 . 2011-04-28 02:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2011-04-28 02:38 . 2011-04-28 02:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

    2011-04-28 02:38 . 2011-04-28 02:38 74752 ----a-w- c:\windows\system32\iesetup.dll

    2011-04-28 02:38 . 2011-04-28 02:38 63488 ----a-w- c:\windows\system32\tdc.ocx

    2011-04-28 02:38 . 2011-04-28 02:38 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2011-04-28 02:38 . 2011-04-28 02:38 420864 ----a-w- c:\windows\system32\vbscript.dll

    2011-04-28 02:38 . 2011-04-28 02:38 367104 ----a-w- c:\windows\system32\html.iec

    2011-04-28 02:38 . 2011-04-28 02:38 35840 ----a-w- c:\windows\system32\imgutil.dll

    2011-04-28 02:38 . 2011-04-28 02:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2011-04-28 02:38 . 2011-04-28 02:38 23552 ----a-w- c:\windows\system32\licmgr10.dll

    2011-04-28 02:38 . 2011-04-28 02:38 1797632 ----a-w- c:\windows\system32\jscript9.dll

    2011-04-28 02:38 . 2011-04-28 02:38 161792 ----a-w- c:\windows\system32\msls31.dll

    2011-04-28 02:38 . 2011-04-28 02:38 152064 ----a-w- c:\windows\system32\wextract.exe

    2011-04-28 02:38 . 2011-04-28 02:38 150528 ----a-w- c:\windows\system32\iexpress.exe

    2011-04-28 02:38 . 2011-04-28 02:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2011-04-28 02:38 . 2011-04-28 02:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

    2011-04-28 02:38 . 2011-04-28 02:38 11776 ----a-w- c:\windows\system32\mshta.exe

    2011-04-28 02:38 . 2011-04-28 02:38 1126912 ----a-w- c:\windows\system32\wininet.dll

    2011-04-28 02:38 . 2011-04-28 02:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

    2011-04-28 02:38 . 2011-04-28 02:38 101888 ----a-w- c:\windows\system32\admparse.dll

    2011-04-26 19:10 . 2011-05-01 19:40 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

    2011-04-26 19:10 . 2011-04-26 19:10 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

    2011-04-26 19:10 . 2011-04-26 19:10 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

    2011-04-26 19:10 . 2011-05-01 19:40 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

    2011-04-26 19:10 . 2011-04-26 19:10 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

    2011-04-18 13:15 . 2011-04-28 01:33 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3128556-9E56-4B08-8E72-E1C832096E15}\mpengine.dll

    2011-04-09 06:02 . 2011-05-10 21:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2011-04-09 06:02 . 2011-05-10 21:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

    2011-04-09 05:56 . 2011-05-11 02:25 123904 ----a-w- c:\windows\system32\poqexec.exe

    2011-04-08 05:14 . 2011-05-09 03:40 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll

    2011-04-08 05:14 . 2011-05-09 03:40 57960 ----a-w- c:\windows\system32\OpenCL.dll

    2011-04-08 05:14 . 2011-05-09 03:40 15227496 ----a-w- c:\windows\system32\nvoglv32.dll

    2011-04-08 05:14 . 2011-05-09 03:40 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll

    2011-04-08 05:14 . 2011-05-09 03:40 855656 ----a-w- c:\windows\system32\nvgenco322060.dll

    2011-04-08 05:14 . 2011-05-09 03:40 5180824 ----a-w- c:\windows\system32\nvcuda.dll

    2011-04-08 05:14 . 2011-05-09 03:40 2765928 ----a-w- c:\windows\system32\nvcuvid.dll

    2011-04-08 05:14 . 2011-05-09 03:40 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll

    2011-04-08 05:14 . 2011-05-09 03:40 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2011-04-08 05:14 . 2011-05-09 03:40 10071656 ----a-w- c:\windows\system32\nvd3dum.dll

    2011-04-08 05:14 . 2011-05-09 03:40 2034280 ----a-w- c:\windows\system32\nvapi.dll

    2011-04-08 05:14 . 2011-05-09 03:40 13007464 ----a-w- c:\windows\system32\nvcompiler.dll

    2011-04-08 05:14 . 2011-05-09 03:40 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

    2011-04-08 02:43 . 2011-04-08 02:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

    2011-04-08 02:43 . 2011-04-08 02:43 66664 ----a-w- c:\windows\system32\nvshext.dll

    2011-04-08 02:43 . 2011-04-08 02:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe

    2011-04-08 02:43 . 2011-04-08 02:43 293992 ----a-w- c:\windows\system32\nvhotkey.dll

    2011-04-08 02:43 . 2011-04-08 02:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll

    2011-04-08 02:43 . 2011-04-08 02:43 111208 ----a-w- c:\windows\system32\nvmctray.dll

    2011-04-08 02:43 . 2011-04-08 02:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll

    2011-04-08 02:43 . 2011-04-08 02:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll

    2011-03-29 08:00 . 2011-04-29 22:59 80896 ----a-w- c:\windows\system32\ff_vfw.dll

    2011-03-25 02:58 . 2011-05-10 21:33 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

    2011-03-25 02:58 . 2011-05-10 21:33 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

    2011-03-25 02:58 . 2011-05-10 21:33 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    2011-03-25 02:57 . 2011-05-10 21:33 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

    2011-03-25 02:57 . 2011-05-10 21:33 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

    2011-03-25 02:57 . 2011-05-10 21:33 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

    2011-03-24 19:35 . 2011-04-29 22:59 243200 ----a-w- c:\windows\system32\xvidvfw.dll

    2011-03-24 19:28 . 2011-04-29 22:59 631808 ----a-w- c:\windows\system32\xvidcore.dll

    2011-03-19 19:00 . 2011-04-29 22:59 151552 ----a-w- c:\windows\system32\ac3acm.acm

    2011-05-19 06:56 . 2011-04-28 04:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Folder)]

    @="{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}"

    [HKEY_CLASSES_ROOT\CLSID\{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}]

    2011-04-20 19:01 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Fully Synced)]

    @="{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}"

    [HKEY_CLASSES_ROOT\CLSID\{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}]

    2011-04-20 19:01 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Not Latest Version)]

    @="{284C090F-EB1D-4A6E-872E-6DB72E417E24}"

    [HKEY_CLASSES_ROOT\CLSID\{284C090F-EB1D-4A6E-872E-6DB72E417E24}]

    2011-04-20 19:01 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Shared Folder)]

    @="{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}"

    [HKEY_CLASSES_ROOT\CLSID\{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}]

    2011-04-20 19:01 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Syncplicity"="c:\program files\Syncplicity\Syncplicity.exe" [2011-04-20 679936]

    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-03-24 409320]

    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-07-22 495708]

    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]

    "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]

    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-14 282624]

    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 2552648]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\windows\System32\guard32.dll

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^Users^Rick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]

    path=c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

    backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup

    backupExtension=.Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

    2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

    2010-07-23 02:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]

    2011-05-10 12:10 3459712 ----a-w- c:\program files\AVAST Software\Avast\AvastUI.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]

    2011-05-10 03:17 2552648 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2011-04-28 03:16 136176 ----atw- c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

    2010-11-30 17:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]

    2010-11-07 02:24 1866864 ----a-w- c:\program files\PeerBlock\peerblock.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

    2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    .

    R1 MpKsl066ca734;MpKsl066ca734;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD8C5AA5-C2A5-4343-B2A7-40944B5F4C1B}\MpKsl066ca734.sys [x]

    R1 MpKsl558deb8b;MpKsl558deb8b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93C14F52-30E8-425B-A9A1-2363DEA24FAC}\MpKsl558deb8b.sys [x]

    R1 MpKslc8938471;MpKslc8938471;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93C14F52-30E8-425B-A9A1-2363DEA24FAC}\MpKslc8938471.sys [x]

    R1 MpKslce3fc4cd;MpKslce3fc4cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93C14F52-30E8-425B-A9A1-2363DEA24FAC}\MpKslce3fc4cd.sys [x]

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]

    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]

    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]

    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-28 1343400]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-05-03 238960]

    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-05-03 37592]

    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-04-26 162544]

    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-04-26 44784]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]

    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 1799472]

    S3 BattStatSys;BattStatSys;c:\users\Rick\AppData\Local\Temp\BSS8A73.tmp [x]

    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-12-25 65360]

    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-05-26 136304]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]

    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-04-26 111280]

    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-04-26 122224]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - BATTSTATSYS

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090831089-2619997055-1522377865-1000Core.job

    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-28 03:16]

    .

    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090831089-2619997055-1522377865-1000UA.job

    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-28 03:16]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

    IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms

    TCP: DhcpNameServer = 192.168.0.1

    FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u1h5flix.default\

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattStatSys]

    "ImagePath"="\??\c:\users\Rick\AppData\Local\Temp\BSS8A73.tmp"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:000000b5

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'lsass.exe'(616)

    c:\windows\system32\guard32.dll

    .

    - - - - - - - > 'Explorer.exe'(2944)

    c:\windows\system32\guard32.dll

    c:\windows\System32\gameux.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\program files\IDT\WDM\STacSV.exe

    c:\program files\Sandboxie\SbieSvc.exe

    c:\program files\NVIDIA Corporation\Display\NvXDSync.exe

    c:\windows\system32\nvvsvc.exe

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\windows\system32\WLANExt.exe

    c:\windows\system32\conhost.exe

    c:\program files\DigitalPersona\Bin\DpHostW.exe

    c:\windows\system32\WUDFHost.exe

    c:\windows\system32\taskhost.exe

    c:\program files\Battery Status\BattStat.exe

    c:\program files\Panda USB Vaccine\USBVaccine.exe

    c:\windows\system32\conhost.exe

    c:\windows\system32\sppsvc.exe

    .

    **************************************************************************

    .

    Completion time: 2011-06-12 03:29:07 - machine was rebooted

    ComboFix-quarantined-files.txt 2011-06-12 07:29

    .

    Pre-Run: 204,861,718,528 bytes free

    Post-Run: 204,715,819,008 bytes free

    .

    - - End Of File - - 47C220384866AC8BE81B52C82350083B


  6. Hi guys, I originally posted about this here, but I was recommended to post in here to make sure everything is ok. In short, two days ago I was browsing the web (trusted site) and saw over 100 outgoing connections from my PC to my router (Dlink DIR 655) on port 4444. I saw the connections in Comodo Firewall's active connections list. I've scanned with both Avast (boot-time scan) and MBAM (quick and full), both have come up clean, but I'm worried something might be wrong here.

    Thank you guys for your help!

    Here is my MBAM quick scan log:


    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6821

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    6/9/2011 3:48:40 PM
    mbam-log-2011-06-09 (15-48-40).txt

    Scan type: Quick scan
    Objects scanned: 143492
    Time elapsed: 3 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Here is my DDS log:

    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Rick at 16:06:24 on 2011-06-09
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3069.1587 [GMT -4:00]
    .
    AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\aestsrv.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Battery Status\BattStat.exe
    C:\Program Files\Panda USB Vaccine\USBVaccine.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Sandboxie\SandboxieRpcSs.exe
    C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Sandboxie\SandboxieCrypto.exe
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
    uRun: [Syncplicity] c:\program files\syncplicity\Syncplicity.exe
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    uRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe /fu "c:\windows\temp\E_SB9B7.tmp" /EF "HKCU"
    uRun: [Google Update] "c:\users\rick\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{BE058F8F-6828-47D5-8D1E-D43597911C92} : DhcpNameServer = 192.168.0.1
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    LSA: Notification Packages = scecli DPPWDFLT
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\u1h5flix.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\users\rick\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-27 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-27 307928]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 37592]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-5-8 81920]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-27 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-27 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-10 42184]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-28 366640]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
    R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-23 1799472]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-5-8 227896]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2011-5-8 65360]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-5-26 136304]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-28 22712]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-5-8 139368]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-28 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-27 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-06-01 23:49:44 -------- d-----w- c:\programdata\Panda Security
    2011-06-01 23:49:40 -------- d-----w- c:\program files\Panda USB Vaccine
    2011-06-01 04:11:44 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5566af0e-364f-4675-ae1b-e35ef2c92604}\mpengine.dll
    2011-05-30 02:35:30 -------- d-----w- c:\program files\ArdfryImaging
    2011-05-26 00:42:24 -------- d-----w- c:\windows\system32\appmgmt
    2011-05-24 18:19:57 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-21 05:43:22 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    2011-05-21 05:43:19 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{638143b9-2f99-4cc5-8343-536f58a8d470}\gapaengine.dll
    2011-05-19 05:59:36 -------- d-----w- c:\windows\pss
    2011-05-19 05:57:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-19 05:51:49 -------- d-----w- c:\users\rick\appdata\local\Secunia PSI
    2011-05-19 05:51:41 -------- d-----w- c:\program files\Secunia
    2011-05-19 04:32:48 -------- d-----w- c:\program files\Battery Status
    2011-05-18 03:58:12 -------- d-----r- C:\Sandbox
    2011-05-18 03:56:01 -------- d-----w- c:\program files\Sandboxie
    2011-05-17 04:48:34 53248 ----a-r- c:\users\rick\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
    2011-05-17 04:48:20 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-05-17 04:45:43 -------- d-----w- c:\users\rick\appdata\roaming\Logishrd
    2011-05-17 04:40:09 80024 ----a-w- c:\windows\system32\PICSDK.dll
    2011-05-17 04:40:09 51360 ----a-w- c:\windows\system32\EpPicPrt.dll
    2011-05-17 04:40:09 51360 ----a-w- c:\windows\system32\EpPicMgr.dll
    2011-05-17 04:40:09 501912 ----a-w- c:\windows\system32\PICSDK2.dll
    2011-05-17 04:40:09 108704 ----a-w- c:\windows\system32\PICEntry.dll
    2011-05-17 04:40:01 -------- d-----w- c:\programdata\EPSON
    2011-05-17 04:39:05 76800 ----a-w- c:\windows\system32\E_FLBADA.DLL
    2011-05-17 04:39:03 62976 ----a-w- c:\windows\system32\E_FD4BADA.DLL
    2011-05-17 04:38:25 -------- d-----w- c:\program files\epson
    2011-05-17 04:38:24 61952 ----a-w- c:\windows\system32\escwiad.dll
    2011-05-16 21:04:58 -------- d-----w- c:\users\rick\appdata\roaming\Softland
    2011-05-16 21:04:56 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
    2011-05-16 21:04:56 20816 ----a-w- c:\windows\system32\dopdfmi7.dll
    2011-05-16 21:04:55 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2011-05-16 21:04:52 -------- d-----w- c:\program files\Softland
    2011-05-12 03:37:54 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2011-05-11 02:25:15 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-10 21:33:09 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-10 21:33:09 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-10 21:33:09 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-10 21:33:09 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-10 21:33:09 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-10 21:33:09 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-10 21:33:05 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-10 21:33:05 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    ==================== Find3M ====================
    .
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-09 03:25:11 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
    2011-05-09 03:25:09 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
    2011-05-09 03:25:09 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
    2011-05-09 03:25:09 2710592 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
    2011-05-09 03:25:08 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
    2011-05-03 00:36:44 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-05-03 00:36:42 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-05-03 00:36:42 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-05-03 00:36:04 284744 ----a-w- c:\windows\system32\guard32.dll
    2011-04-28 17:04:45 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-28 04:43:47 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
    2011-04-28 03:52:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-26 19:10:34 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2011-04-26 19:10:34 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
    2011-04-26 19:10:34 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2011-04-26 19:10:32 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2011-04-26 19:10:32 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
    2011-04-08 02:43:36 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-04-08 02:43:34 66664 ----a-w- c:\windows\system32\nvshext.dll
    2011-04-08 02:43:34 612456 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-04-08 02:43:34 293992 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-04-08 02:43:34 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-04-08 02:43:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-04-08 02:43:20 3701352 ----a-w- c:\windows\system32\nvcpl.dll
    2011-04-08 02:43:04 2565224 ----a-w- c:\windows\system32\nvsvc.dll
    2011-03-29 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-03-24 19:35:18 243200 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-03-24 19:28:12 631808 ----a-w- c:\windows\system32\xvidcore.dll
    2011-03-19 19:00:38 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    .
    ============= FINISH: 16:08:31.83 ===============

    Attach.zip

  7. Hi guys! Last night I ran into a weird connection issue which I'm not sure is malware related.

    First off, let me say that I'm always careful when browsing the interwebs - I only visit a handful of trusted sites, including a forum that I run, I never visit questionable sites, never open attachments except when I absolutely trust the contents, and I run Chrome with JS and plugins disabled unless I absolutely trust the site. I also run Avast Internet Security (minus firewall), Comodo Internet Security, and MBAM Pro (recent convert from free :P ). I scan regularly with both avast and MBAM, several times per week, just in case something slipped by. I also run Chrome sandboxed with Sandboxie. No one has access to my PC other than me.

    So anyways, I was browsing with Chrome last night (my forum), got up to grab a snack, came back, and noticed some hard drive activity (hdd indicator light was on). I opened Comodo's active connection log and spotted over 100 connections from my PC to port 4444 of my router, a Dlink DIR 655. I immediately scanned with MBAM and Avast - both scans came up clean. I also scanned again today, did an Avast boot time scan, and a full scan with MBAM - still clean.

    Now, the Speedguide page for port 4444 indicates a bunch of nasties use that port, and some legit software. But MBAM/Avast would have detected those things, correct? And those nasties would connect to a remote address, not my router, right? I haven't seen any connections to port 4444 since last night. There aren't any programs listening for connections, but I've blocked any connections to port 4444 (ingress and egress) for now.

    I noticed that Chrome background updated last night around the same time this happened. Is it possible that's what happened?

    I might be overly paranoid, but I just want to make sure that something isn't wrong. Thanks guys for any advice!

  8. Hey all! First I wanted to say that MBAM is awesome! I've been using it since 2009, both on my own PC as well as friend/family members' PCs to rid them of malware, and it has always done its job well. Thank you for creating such a great product!

    I'm considering buying the Pro version for the extra layer of protection, and to support development of one of the best anti-spyware tools out there. I just wanted to make sure it'll play nice with my current security software. I'm running Windows 7, 3GB RAM and have the following programs installed:

    - Avast Internet Security

    - Microsoft Security Essentials

    - Comodo Internet Security

    I'm mainly concerned with the Avast + MSSE + MBAM Pro combo - will these programs work OK together?

    I'm one of the paranoid-about-security types. I never open email attachments unless I know it's safe, I don't visit shady websites (if I do, I'll use a VM), and I don't install/run dubious software. So maybe I don't *need* the extra protection, but you can never be too safe! Helping to support MBAM is cool too. :D
