
Strange Outgoing Connections



Hi guys, I originally posted about this here, but I was recommended to post in here to make sure everything is ok. In short, two days ago I was browsing the web (trusted site) and saw over 100 outgoing connections from my PC to my router (Dlink DIR 655) on port 4444. I saw the connections in Comodo Firewall's active connections list. I've scanned with both Avast (boot-time scan) and MBAM (quick and full), both have come up clean, but I'm worried something might be wrong here.

Thank you guys for your help!

Here is my MBAM quick scan log:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6821

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/9/2011 3:48:40 PM
mbam-log-2011-06-09 (15-48-40).txt

Scan type: Quick scan
Objects scanned: 143492
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is my DDS log:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Rick at 16:06:24 on 2011-06-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3069.1587 [GMT -4:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\vcsFPService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Battery Status\BattStat.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
uRun: [Syncplicity] c:\program files\syncplicity\Syncplicity.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe /fu "c:\windows\temp\E_SB9B7.tmp" /EF "HKCU"
uRun: [Google Update] "c:\users\rick\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BE058F8F-6828-47D5-8D1E-D43597911C92} : DhcpNameServer = 192.168.0.1
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
LSA: Notification Packages = scecli DPPWDFLT
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\u1h5flix.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\rick\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-27 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-27 307928]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 37592]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-5-8 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-27 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-27 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-10 42184]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-28 366640]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-23 1799472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-5-8 227896]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2011-5-8 65360]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-5-26 136304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-28 22712]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-5-8 139368]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-28 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-27 1343400]
.
=============== Created Last 30 ================
.
2011-06-01 23:49:44 -------- d-----w- c:\programdata\Panda Security
2011-06-01 23:49:40 -------- d-----w- c:\program files\Panda USB Vaccine
2011-06-01 04:11:44 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5566af0e-364f-4675-ae1b-e35ef2c92604}\mpengine.dll
2011-05-30 02:35:30 -------- d-----w- c:\program files\ArdfryImaging
2011-05-26 00:42:24 -------- d-----w- c:\windows\system32\appmgmt
2011-05-24 18:19:57 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-21 05:43:22 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-05-21 05:43:19 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{638143b9-2f99-4cc5-8343-536f58a8d470}\gapaengine.dll
2011-05-19 05:59:36 -------- d-----w- c:\windows\pss
2011-05-19 05:57:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 05:51:49 -------- d-----w- c:\users\rick\appdata\local\Secunia PSI
2011-05-19 05:51:41 -------- d-----w- c:\program files\Secunia
2011-05-19 04:32:48 -------- d-----w- c:\program files\Battery Status
2011-05-18 03:58:12 -------- d-----r- C:\Sandbox
2011-05-18 03:56:01 -------- d-----w- c:\program files\Sandboxie
2011-05-17 04:48:34 53248 ----a-r- c:\users\rick\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2011-05-17 04:48:20 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-05-17 04:45:43 -------- d-----w- c:\users\rick\appdata\roaming\Logishrd
2011-05-17 04:40:09 80024 ----a-w- c:\windows\system32\PICSDK.dll
2011-05-17 04:40:09 51360 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-05-17 04:40:09 51360 ----a-w- c:\windows\system32\EpPicMgr.dll
2011-05-17 04:40:09 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2011-05-17 04:40:09 108704 ----a-w- c:\windows\system32\PICEntry.dll
2011-05-17 04:40:01 -------- d-----w- c:\programdata\EPSON
2011-05-17 04:39:05 76800 ----a-w- c:\windows\system32\E_FLBADA.DLL
2011-05-17 04:39:03 62976 ----a-w- c:\windows\system32\E_FD4BADA.DLL
2011-05-17 04:38:25 -------- d-----w- c:\program files\epson
2011-05-17 04:38:24 61952 ----a-w- c:\windows\system32\escwiad.dll
2011-05-16 21:04:58 -------- d-----w- c:\users\rick\appdata\roaming\Softland
2011-05-16 21:04:56 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-05-16 21:04:56 20816 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-05-16 21:04:55 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-05-16 21:04:52 -------- d-----w- c:\program files\Softland
2011-05-12 03:37:54 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-05-11 02:25:15 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-10 21:33:09 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-10 21:33:09 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-10 21:33:09 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-10 21:33:09 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-10 21:33:09 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-10 21:33:09 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-10 21:33:05 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-10 21:33:05 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-09 03:25:11 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-05-09 03:25:09 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-05-09 03:25:09 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2011-05-09 03:25:09 2710592 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2011-05-09 03:25:08 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2011-05-03 00:36:44 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-03 00:36:42 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-05-03 00:36:42 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-03 00:36:04 284744 ----a-w- c:\windows\system32\guard32.dll
2011-04-28 17:04:45 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-28 04:43:47 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-04-28 03:52:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-26 19:10:34 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-04-26 19:10:34 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-04-26 19:10:34 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-04-26 19:10:32 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-04-26 19:10:32 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-04-08 02:43:36 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 02:43:34 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-04-08 02:43:34 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-08 02:43:34 293992 ----a-w- c:\windows\system32\nvhotkey.dll
2011-04-08 02:43:34 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-08 02:43:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 02:43:20 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 02:43:04 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-29 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-03-24 19:35:18 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-24 19:28:12 631808 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-19 19:00:38 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
.
============= FINISH: 16:08:31.83 ===============

Attach.zip

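The observation that opens this thread (a burst of over 100 outbound connections from one PC to the router on port 4444, seen in the firewall's active-connections list) is exactly the kind of thing a defender wants to triage from a plain `netstat -ano` capture before reaching for removal tools: how many sessions, to which endpoint, from which process, and is the port one that deserves attention. The script below is an added example written for this thread; it is not part of the original post and not code from Malwarebytes, Comodo or any tool in the logs. It assumes the column layout of Windows `netstat -ano` and a PID-to-image-name map of the kind `tasklist` gives; the sample capture and the process names in it are constructed to mirror the poster's description, not taken from the logs above.

```python
"""Summarize outbound TCP sessions from `netstat -ano` text and flag
bursts or watch-listed remote ports.  Added example for this thread;
every sample value below is constructed."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set


class Conn(NamedTuple):
    proto: str
    local_ip: str
    local_port: Optional[int]
    remote_ip: str
    remote_port: Optional[int]
    state: str            # empty for UDP rows, which carry no state column
    pid: int


class Finding(NamedTuple):
    remote_ip: str
    remote_port: int
    count: int
    processes: Set[str]
    reasons: List[str]    # empty when nothing about the endpoint stands out


# Data rows of `netstat -ano`: proto, local, foreign, optional state, PID.
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

# A half-open SYN_SENT is as telling as an ESTABLISHED session; LISTENING and
# TIME_WAIT rows are not live outbound traffic and are skipped.
OUTBOUND_STATES = {"ESTABLISHED", "SYN_SENT"}
# Ports that deserve a second look when a workstation dials out to them;
# 4444 is the default listener port of widely used penetration-testing tooling.
WATCH_PORTS = {4444}


def _split_addr(addr: str):
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Conn]:
    """Parse the data rows of `netstat -ano`; header and blank lines are ignored."""
    conns = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        proto, local, remote, state, pid = m.groups()
        lip, lport = _split_addr(local)
        rip, rport = _split_addr(remote)
        conns.append(Conn(proto, lip, lport, rip, rport, state or "", int(pid)))
    return conns


def summarize_outbound(conns: List[Conn], pid_names: Dict[int, str],
                       watch_ports: Set[int] = WATCH_PORTS,
                       burst_threshold: int = 50) -> List[Finding]:
    """Group live outbound TCP sessions by remote endpoint and attach reasons."""
    groups = defaultdict(list)
    for c in conns:
        if c.proto == "TCP" and c.state in OUTBOUND_STATES and c.remote_port is not None:
            groups[(c.remote_ip, c.remote_port)].append(c)
    findings = []
    for (rip, rport), rows in sorted(groups.items()):
        reasons = []
        if rport in watch_ports:
            reasons.append(f"remote port {rport} is on the watch list")
        if len(rows) >= burst_threshold:
            reasons.append(f"{len(rows)} concurrent sessions to one endpoint")
        procs = {pid_names.get(r.pid, f"pid {r.pid}") for r in rows}
        findings.append(Finding(rip, rport, len(rows), procs, reasons))
    return findings


def suspicious(findings: List[Finding]) -> List[Finding]:
    return [f for f in findings if f.reasons]


def _build_sample() -> str:
    """Constructed capture: 120 sessions from one process to the router on 4444
    (the volume the poster describes), plus ordinary browser traffic and noise."""
    rows = ["  Proto  Local Address          Foreign Address        State           PID"]
    for i in range(120):
        state = "SYN_SENT" if i % 3 == 0 else "ESTABLISHED"
        rows.append(f"  TCP    192.168.0.10:{49152 + i:<6}  192.168.0.1:4444       {state:<15} 3120")
    rows += [
        "  TCP    192.168.0.10:50100     74.125.226.1:443       ESTABLISHED     2044",
        "  TCP    192.168.0.10:50101     74.125.226.1:443       ESTABLISHED     2044",
        "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       772",
        "  TCP    192.168.0.10:50102     192.168.0.1:4444       TIME_WAIT       0",
        "  UDP    0.0.0.0:5355           *:*                                    1120",
    ]
    return "\n".join(rows)


SAMPLE_NETSTAT = _build_sample()
# Constructed PID -> image name map in the spirit of `tasklist` output.
SAMPLE_TASKLIST = {3120: "unknown.exe", 2044: "chrome.exe", 772: "svchost.exe", 1120: "svchost.exe"}

if __name__ == "__main__":
    for f in suspicious(summarize_outbound(parse_netstat(SAMPLE_NETSTAT), SAMPLE_TASKLIST)):
        print(f"{f.remote_ip}:{f.remote_port}  {f.count} sessions  "
              f"{', '.join(sorted(f.processes))}  [{'; '.join(f.reasons)}]")
```

On a real machine, save `netstat -ano` output to a file, build the PID map from `tasklist`, and pass the file text to `parse_netstat`. The owning process is the piece the firewall's connection list already gives the poster; a run like the one above makes the burst-to-one-endpoint pattern and the watch-listed port explicit, which is what a helper wants to know before deciding whether the traffic is a misbehaving legitimate program or something worth the removal tools suggested later in the thread.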

  • Staff

Hi and welcome to Malwarebytes.

Post logs as is please without the code or quote boxes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hi Screen317, thanks very much for your help, it's greatly appreciated! Sorry about the code boxes, I didn't realize they would end up all colorized and hard to read like that!

Here are the scan results you asked me to run - I wasn't sure if you wanted Attach.txt from DDS so I zipped and attached it just in case.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6838

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

6/12/2011 2:28:07 AM

mbam-log-2011-06-12 (02-28-07).txt

Scan type: Quick scan

Objects scanned: 143765

Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Rick at 2:47:37 on 2011-06-12

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3069.1750 [GMT -4:00]

.

AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\vcsFPService.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Battery Status\BattStat.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Sandboxie\SandboxieRpcSs.exe

C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Sandboxie\SandboxieCrypto.exe

C:\Windows\System32\rundll32.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Syncplicity\Syncplicity.exe

C:\Windows\explorer.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

uRun: [syncplicity] c:\program files\syncplicity\Syncplicity.exe

uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

uRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe /fu "c:\windows\temp\E_SB9B7.tmp" /EF "HKCU"

uRun: [Google Update] "c:\users\rick\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BE058F8F-6828-47D5-8D1E-D43597911C92} : DhcpNameServer = 192.168.0.1

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

LSA: Notification Packages = scecli DPPWDFLT

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\u1h5flix.default\

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\users\rick\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-27 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-27 307928]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 37592]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-5-8 81920]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-27 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-27 53592]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-10 42184]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-28 366640]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]

R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-23 1799472]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-5-8 227896]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2011-5-8 65360]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-5-26 136304]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-28 22712]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-5-8 139368]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-28 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-27 1343400]

.

=============== Created Last 30 ================

.

2011-06-01 23:49:44 -------- d-----w- c:\programdata\Panda Security

2011-06-01 23:49:40 -------- d-----w- c:\program files\Panda USB Vaccine

2011-06-01 04:11:44 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5566af0e-364f-4675-ae1b-e35ef2c92604}\mpengine.dll

2011-05-30 02:35:30 -------- d-----w- c:\program files\ArdfryImaging

2011-05-26 00:42:24 -------- d-----w- c:\windows\system32\appmgmt

2011-05-24 18:19:57 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-21 05:43:22 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

2011-05-21 05:43:19 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{638143b9-2f99-4cc5-8343-536f58a8d470}\gapaengine.dll

2011-05-19 05:59:36 -------- d-----w- c:\windows\pss

2011-05-19 05:57:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-19 05:51:49 -------- d-----w- c:\users\rick\appdata\local\Secunia PSI

2011-05-19 05:51:41 -------- d-----w- c:\program files\Secunia

2011-05-19 04:32:48 -------- d-----w- c:\program files\Battery Status

2011-05-18 03:58:12 -------- d-----r- C:\Sandbox

2011-05-18 03:56:01 -------- d-----w- c:\program files\Sandboxie

2011-05-17 04:48:34 53248 ----a-r- c:\users\rick\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe

2011-05-17 04:48:20 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-05-17 04:45:43 -------- d-----w- c:\users\rick\appdata\roaming\Logishrd

2011-05-17 04:40:09 80024 ----a-w- c:\windows\system32\PICSDK.dll

2011-05-17 04:40:09 51360 ----a-w- c:\windows\system32\EpPicPrt.dll

2011-05-17 04:40:09 51360 ----a-w- c:\windows\system32\EpPicMgr.dll

2011-05-17 04:40:09 501912 ----a-w- c:\windows\system32\PICSDK2.dll

2011-05-17 04:40:09 108704 ----a-w- c:\windows\system32\PICEntry.dll

2011-05-17 04:40:01 -------- d-----w- c:\programdata\EPSON

2011-05-17 04:39:05 76800 ----a-w- c:\windows\system32\E_FLBADA.DLL

2011-05-17 04:39:03 62976 ----a-w- c:\windows\system32\E_FD4BADA.DLL

2011-05-17 04:38:25 -------- d-----w- c:\program files\epson

2011-05-17 04:38:24 61952 ----a-w- c:\windows\system32\escwiad.dll

2011-05-16 21:04:58 -------- d-----w- c:\users\rick\appdata\roaming\Softland

2011-05-16 21:04:56 23376 ----a-w- c:\windows\system32\dopdfmn7.dll

2011-05-16 21:04:56 20816 ----a-w- c:\windows\system32\dopdfmi7.dll

2011-05-16 21:04:55 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2011-05-16 21:04:52 -------- d-----w- c:\program files\Softland

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-09 03:25:11 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2011-05-09 03:25:09 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll

2011-05-09 03:25:09 3555328 ----a-w- c:\windows\system32\bcmihvui.dll

2011-05-09 03:25:09 2710592 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS

2011-05-09 03:25:08 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll

2011-05-03 00:36:44 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-05-03 00:36:42 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-05-03 00:36:42 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-05-03 00:36:04 284744 ----a-w- c:\windows\system32\guard32.dll

2011-04-28 17:04:45 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-04-28 04:43:47 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2011-04-28 03:52:48 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-26 19:10:34 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-04-26 19:10:34 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2011-04-26 19:10:34 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2011-04-26 19:10:32 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-04-26 19:10:32 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-04-08 02:43:36 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2011-04-08 02:43:34 66664 ----a-w- c:\windows\system32\nvshext.dll

2011-04-08 02:43:34 612456 ----a-w- c:\windows\system32\nvvsvc.exe

2011-04-08 02:43:34 293992 ----a-w- c:\windows\system32\nvhotkey.dll

2011-04-08 02:43:34 2582120 ----a-w- c:\windows\system32\nvsvcr.dll

2011-04-08 02:43:34 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-04-08 02:43:20 3701352 ----a-w- c:\windows\system32\nvcpl.dll

2011-04-08 02:43:04 2565224 ----a-w- c:\windows\system32\nvsvc.dll

2011-03-29 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-03-25 02:58:37 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-03-25 02:58:07 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-03-25 02:58:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-03-25 02:57:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-03-25 02:57:56 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-03-25 02:57:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-03-24 19:35:18 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2011-03-24 19:28:12 631808 ----a-w- c:\windows\system32\xvidcore.dll

2011-03-19 19:00:38 151552 ----a-w- c:\windows\system32\ac3acm.acm

.

============= FINISH: 2:49:55.99 ===============

ComboFix 11-06-11.01 - Rick 06/12/2011 3:04.1.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3069.2039 [GMT -4:00]

Running from: c:\users\Rick\Downloads\ComboFix.exe

AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))

.

.

2011-06-12 07:21 . 2011-06-12 07:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-01 23:49 . 2011-06-01 23:49 -------- d-----w- c:\programdata\Panda Security

2011-06-01 23:49 . 2011-06-01 23:49 -------- d-----w- c:\program files\Panda USB Vaccine

2011-06-01 04:11 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5566AF0E-364F-4675-AE1B-E35EF2C92604}\mpengine.dll

2011-05-30 02:35 . 2011-05-30 02:35 -------- d-----w- c:\program files\ArdfryImaging

2011-05-24 18:19 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-21 05:43 . 2011-04-29 04:15 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-05-21 05:43 . 2011-04-29 04:15 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{638143B9-2F99-4CC5-8343-536F58A8D470}\gapaengine.dll

2011-05-19 05:57 . 2011-06-07 02:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-19 05:51 . 2011-05-19 05:51 -------- d-----w- c:\users\Rick\AppData\Local\Secunia PSI

2011-05-19 05:51 . 2011-05-19 05:51 -------- d-----w- c:\program files\Secunia

2011-05-19 04:32 . 2011-05-19 04:32 -------- d-----w- c:\program files\Battery Status

2011-05-18 03:58 . 2011-05-18 03:58 -------- d-----r- C:\Sandbox

2011-05-18 03:56 . 2011-05-18 03:56 -------- d-----w- c:\program files\Sandboxie

2011-05-17 04:48 . 2011-05-17 04:48 -------- d-----w- c:\users\Rick\AppData\Roaming\Leadertech

2011-05-17 04:48 . 2011-05-17 04:48 53248 ----a-r- c:\users\Rick\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-05-17 04:48 . 2011-05-17 04:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-05-17 04:47 . 2011-05-17 04:53 -------- d-----w- c:\programdata\Logishrd

2011-05-17 04:47 . 2011-05-17 04:47 -------- d-----w- c:\program files\Logitech

2011-05-17 04:46 . 2011-05-17 04:48 -------- d-----w- c:\program files\Common Files\Logishrd

2011-05-17 04:45 . 2011-05-17 04:53 -------- d-----w- c:\users\Rick\AppData\Roaming\Logitech

2011-05-17 04:45 . 2011-05-17 04:45 -------- d-----w- c:\users\Rick\AppData\Roaming\Logishrd

2011-05-17 04:40 . 2006-10-31 04:10 51360 ----a-w- c:\windows\system32\EpPicPrt.dll

2011-05-17 04:40 . 2006-10-31 04:10 51360 ----a-w- c:\windows\system32\EpPicMgr.dll

2011-05-17 04:40 . 2006-10-20 04:10 80024 ----a-w- c:\windows\system32\PICSDK.dll

2011-05-17 04:40 . 2006-10-20 04:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll

2011-05-17 04:40 . 2006-10-20 04:10 108704 ----a-w- c:\windows\system32\PICEntry.dll

2011-05-17 04:40 . 2011-05-17 04:40 -------- d-----w- c:\users\Rick\AppData\Roaming\InstallShield

2011-05-17 04:40 . 2011-05-17 04:40 -------- d-----w- c:\programdata\EPSON

2011-05-17 04:39 . 2006-12-08 06:04 76800 ----a-w- c:\windows\system32\E_FLBADA.DLL

2011-05-17 04:39 . 2006-04-19 06:00 62976 ----a-w- c:\windows\system32\E_FD4BADA.DLL

2011-05-17 04:38 . 2011-05-17 04:38 -------- d-----w- c:\program files\epson

2011-05-17 04:38 . 2006-10-13 04:00 61952 ----a-w- c:\windows\system32\escwiad.dll

2011-05-16 21:04 . 2011-05-16 21:04 -------- d-----w- c:\users\Rick\AppData\Roaming\Softland

2011-05-16 21:04 . 2011-04-27 19:47 23376 ----a-w- c:\windows\system32\dopdfmn7.dll

2011-05-16 21:04 . 2011-04-27 19:47 20816 ----a-w- c:\windows\system32\dopdfmi7.dll

2011-05-16 21:04 . 2010-02-05 19:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2011-05-16 21:04 . 2011-05-16 21:04 -------- d-----w- c:\program files\Softland

2011-05-15 01:22 . 2011-05-15 01:22 -------- d-----w- c:\users\Public\Roaming

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2011-04-28 04:05 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2011-04-28 04:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-10 12:10 . 2011-04-28 01:47 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2011-04-28 01:47 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:03 . 2011-04-28 01:49 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-10 12:03 . 2011-04-28 01:50 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2011-04-28 01:49 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 11:59 . 2011-04-28 01:49 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2011-04-28 01:49 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-10 11:59 . 2011-04-28 01:50 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-09 20:46 . 2011-04-29 06:35 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-05-09 03:25 . 2011-05-09 03:25 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2011-05-09 03:25 . 2011-05-09 03:25 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll

2011-05-09 03:25 . 2011-05-09 03:25 3555328 ----a-w- c:\windows\system32\bcmihvui.dll

2011-05-09 03:25 . 2011-05-09 03:25 2710592 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS

2011-05-09 03:25 . 2011-05-09 03:25 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll

2011-05-07 20:17 . 2011-05-07 20:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-05-03 00:36 . 2011-05-03 00:36 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-05-03 00:36 . 2011-05-03 00:36 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-05-03 00:36 . 2011-05-03 00:36 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-05-03 00:36 . 2011-05-03 00:36 284744 ----a-w- c:\windows\system32\guard32.dll

2011-04-28 17:04 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-04-28 04:43 . 2011-04-28 04:43 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2011-04-28 03:52 . 2011-04-28 03:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-28 02:38 . 2011-04-28 02:38 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-04-28 02:38 . 2011-04-28 02:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-04-28 02:38 . 2011-04-28 02:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-04-28 02:38 . 2011-04-28 02:38 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-04-28 02:38 . 2011-04-28 02:38 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-04-28 02:38 . 2011-04-28 02:38 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-04-28 02:38 . 2011-04-28 02:38 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-04-28 02:38 . 2011-04-28 02:38 367104 ----a-w- c:\windows\system32\html.iec

2011-04-28 02:38 . 2011-04-28 02:38 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-04-28 02:38 . 2011-04-28 02:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-28 02:38 . 2011-04-28 02:38 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-28 02:38 . 2011-04-28 02:38 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-04-28 02:38 . 2011-04-28 02:38 161792 ----a-w- c:\windows\system32\msls31.dll

2011-04-28 02:38 . 2011-04-28 02:38 152064 ----a-w- c:\windows\system32\wextract.exe

2011-04-28 02:38 . 2011-04-28 02:38 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-04-28 02:38 . 2011-04-28 02:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-04-28 02:38 . 2011-04-28 02:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-28 02:38 . 2011-04-28 02:38 11776 ----a-w- c:\windows\system32\mshta.exe

2011-04-28 02:38 . 2011-04-28 02:38 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-04-28 02:38 . 2011-04-28 02:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-28 02:38 . 2011-04-28 02:38 101888 ----a-w- c:\windows\system32\admparse.dll

2011-04-26 19:10 . 2011-05-01 19:40 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-04-26 19:10 . 2011-04-26 19:10 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2011-04-26 19:10 . 2011-04-26 19:10 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2011-04-26 19:10 . 2011-05-01 19:40 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-04-26 19:10 . 2011-04-26 19:10 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2011-04-18 13:15 . 2011-04-28 01:33 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3128556-9E56-4B08-8E72-E1C832096E15}\mpengine.dll

2011-04-09 06:02 . 2011-05-10 21:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-10 21:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-11 02:25 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-04-08 05:14 . 2011-05-09 03:40 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-04-08 05:14 . 2011-05-09 03:40 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-04-08 05:14 . 2011-05-09 03:40 15227496 ----a-w- c:\windows\system32\nvoglv32.dll

2011-04-08 05:14 . 2011-05-09 03:40 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll

2011-04-08 05:14 . 2011-05-09 03:40 855656 ----a-w- c:\windows\system32\nvgenco322060.dll

2011-04-08 05:14 . 2011-05-09 03:40 5180824 ----a-w- c:\windows\system32\nvcuda.dll

2011-04-08 05:14 . 2011-05-09 03:40 2765928 ----a-w- c:\windows\system32\nvcuvid.dll

2011-04-08 05:14 . 2011-05-09 03:40 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-04-08 05:14 . 2011-05-09 03:40 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-04-08 05:14 . 2011-05-09 03:40 10071656 ----a-w- c:\windows\system32\nvd3dum.dll

2011-04-08 05:14 . 2011-05-09 03:40 2034280 ----a-w- c:\windows\system32\nvapi.dll

2011-04-08 05:14 . 2011-05-09 03:40 13007464 ----a-w- c:\windows\system32\nvcompiler.dll

2011-04-08 05:14 . 2011-05-09 03:40 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2011-04-08 02:43 . 2011-04-08 02:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2011-04-08 02:43 . 2011-04-08 02:43 66664 ----a-w- c:\windows\system32\nvshext.dll

2011-04-08 02:43 . 2011-04-08 02:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe

2011-04-08 02:43 . 2011-04-08 02:43 293992 ----a-w- c:\windows\system32\nvhotkey.dll

2011-04-08 02:43 . 2011-04-08 02:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll

2011-04-08 02:43 . 2011-04-08 02:43 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-04-08 02:43 . 2011-04-08 02:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll

2011-04-08 02:43 . 2011-04-08 02:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll

2011-03-29 08:00 . 2011-04-29 22:59 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-03-25 02:58 . 2011-05-10 21:33 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-03-25 02:58 . 2011-05-10 21:33 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-03-25 02:58 . 2011-05-10 21:33 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-03-25 02:57 . 2011-05-10 21:33 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-03-25 02:57 . 2011-05-10 21:33 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-03-25 02:57 . 2011-05-10 21:33 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-03-24 19:35 . 2011-04-29 22:59 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2011-03-24 19:28 . 2011-04-29 22:59 631808 ----a-w- c:\windows\system32\xvidcore.dll

2011-03-19 19:00 . 2011-04-29 22:59 151552 ----a-w- c:\windows\system32\ac3acm.acm

2011-05-19 06:56 . 2011-04-28 04:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Folder)]

@="{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}"

[HKEY_CLASSES_ROOT\CLSID\{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}]

2011-04-20 19:01 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Fully Synced)]

@="{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}"

[HKEY_CLASSES_ROOT\CLSID\{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}]

2011-04-20 19:01 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Not Latest Version)]

@="{284C090F-EB1D-4A6E-872E-6DB72E417E24}"

[HKEY_CLASSES_ROOT\CLSID\{284C090F-EB1D-4A6E-872E-6DB72E417E24}]

2011-04-20 19:01 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Shared Folder)]

@="{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}"

[HKEY_CLASSES_ROOT\CLSID\{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}]

2011-04-20 19:01 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Syncplicity"="c:\program files\Syncplicity\Syncplicity.exe" [2011-04-20 679936]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-03-24 409320]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-07-22 495708]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]

"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-14 282624]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 2552648]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Rick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]

path=c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-23 02:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]

2011-05-10 12:10 3459712 ----a-w- c:\program files\AVAST Software\Avast\AvastUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]

2011-05-10 03:17 2552648 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-04-28 03:16 136176 ----atw- c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2010-11-30 17:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]

2010-11-07 02:24 1866864 ----a-w- c:\program files\PeerBlock\peerblock.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

R1 MpKsl066ca734;MpKsl066ca734;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD8C5AA5-C2A5-4343-B2A7-40944B5F4C1B}\MpKsl066ca734.sys [x]

R1 MpKsl558deb8b;MpKsl558deb8b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93C14F52-30E8-425B-A9A1-2363DEA24FAC}\MpKsl558deb8b.sys [x]

R1 MpKslc8938471;MpKslc8938471;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93C14F52-30E8-425B-A9A1-2363DEA24FAC}\MpKslc8938471.sys [x]

R1 MpKslce3fc4cd;MpKslce3fc4cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93C14F52-30E8-425B-A9A1-2363DEA24FAC}\MpKslce3fc4cd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-28 1343400]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-05-03 238960]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-05-03 37592]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-04-26 162544]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-04-26 44784]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 1799472]

S3 BattStatSys;BattStatSys;c:\users\Rick\AppData\Local\Temp\BSS8A73.tmp [x]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-12-25 65360]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-05-26 136304]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-04-26 111280]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-04-26 122224]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - BATTSTATSYS

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090831089-2619997055-1522377865-1000Core.job

- c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-28 03:16]

.

2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090831089-2619997055-1522377865-1000UA.job

- c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-28 03:16]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u1h5flix.default\

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattStatSys]

"ImagePath"="\??\c:\users\Rick\AppData\Local\Temp\BSS8A73.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(616)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'Explorer.exe'(2944)

c:\windows\system32\guard32.dll

c:\windows\System32\gameux.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\IDT\WDM\STacSV.exe

c:\program files\Sandboxie\SbieSvc.exe

c:\program files\NVIDIA Corporation\Display\NvXDSync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\DigitalPersona\Bin\DpHostW.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\program files\Battery Status\BattStat.exe

c:\program files\Panda USB Vaccine\USBVaccine.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2011-06-12 03:29:07 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-12 07:29

.

Pre-Run: 204,861,718,528 bytes free

Post-Run: 204,715,819,008 bytes free

.

- - End Of File - - 47C220384866AC8BE81B52C82350083B

Attach.zip


  • Staff

Hi,

I notice that you are using more than one antivirus program (avast and Microsoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Thanks screen317! Yes, I had MSSE installed alongside Avast, but after getting the pro version of MBAM I decided MSSE was overkill and I disabled the startup item and the MSSE service. I figured I could still use it as an on-demand scanner, but I've uninstalled it now. Here are the scan logs:

The ESET scanner log only had three lines. I did run it once at the beginning of May, could that be the cause?:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

Results of screen317's Security Check version 0.99.13

Windows 7 Service Pack 1 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Internet Security

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 26

Adobe Flash Player 10.3.181.22

Adobe Reader X (10.0.1)

Mozilla Firefox (x86 en-US..)

Mozilla Thunderbird (3.1.10) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

system32 OnlineCmdLineScanner.exe -?-

system32 AvastSvc.exe -?-

AVAST Software Avast AvastUI.exe

``````````End of Log````````````

I haven't noticed any more strange connections on port 4444 since I originally posted this topic, but after all these scans does it look like my PC is clean?

I'm still unsure of what caused the outgoing connections in the first place. It seems odd that my PC would send connections directly to my router on port 4444, and that's mainly why I posted here. The time of the connections did coincide exactly with a Google Chrome update, and I'm wondering if the Google Updater is to blame here? But again, why would svchost be sending connections to my router on port 4444? If I remember correctly from Comodo's Active Connections list, each connection to my router was 66 bytes in and out - single packets? I've seen nothing unusual in the router logs or Comodo. I've actually added a block + log rule so any outgoing/incoming connections on destination port 4444 are blocked - nothing yet!

Thanks for taking your time to help me! :)


  • Staff

Hi,

Could've been Google Updater; could've been something else. Since you blocked it, there shouldn't be anything to worry about. :)

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Reboot and let me know what issues remain.


Thanks Screen for taking your time to help me!

While not strictly related to the "port 4444" problem, I've been noticing some other odd outgoing connections in the 216.246.75.* range, which resolve to "unknown.scnet.net". svchost.exe is also initiating these connections. I see them immediately after logging onto my desktop. It's usually just a single connection which closes after a while, but after adding a log rule to Comodo I see "windows operating system" trying to connect to an "unknown.scnet.net" address again. Some of the addresses I've seen are:

216.246.75.122

216.246.75.123

216.246.75.131

216.246.75.236

The source ports seem to be in the 50000s and the destination port is 80.

I'm not sure what to make of this... even after all the scans we've run I'm still concerned something is trying to "phone home"! :huh:

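The question left open in the last two posts is which service inside svchost.exe owns a connection to the router on port 4444 or to the 216.246.75.* range. As an added example (not from the thread, and not part of Comodo, MBAM or any other tool mentioned here), this Python script triages that by parsing output in the format of `netstat -ano` and `tasklist /svc`; the sample output, addresses, PIDs and service names embedded below are constructed assumptions, not values captured from the poster's machine.

```python
import ipaddress
import re

# Constructed sample in the layout of `netstat -ano` (assumed values, not from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.100:52874    192.168.0.1:4444       SYN_SENT        988
  TCP    192.168.0.100:52910    216.246.75.122:80      ESTABLISHED     988
  TCP    192.168.0.100:52911    74.125.226.46:443      ESTABLISHED     3120
  UDP    0.0.0.0:5355           *:*                                    988
"""

# Constructed sample in the layout of `tasklist /svc` (assumed values).
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    988 BITS, Dnscache, wuauserv
chrome.exe                    3120 N/A
"""

WATCH_PORTS = {4444}                                    # destination port from the thread
WATCH_NETS = [ipaddress.ip_network("216.246.75.0/24")]  # range from the thread

def parse_netstat(text):
    """Return (proto, remote_ip, remote_port, state, pid) for IPv4 TCP/UDP rows."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        remote = parts[2]
        if remote.startswith(("*", "[")):   # skip wildcard and IPv6 rows
            continue
        host, _, port = remote.rpartition(":")
        state = parts[3] if len(parts) == 5 else ""   # UDP rows carry no state column
        rows.append((parts[0], host, int(port), state, int(parts[-1])))
    return rows

def parse_tasklist(text):
    """Map PID -> hosted service names. Wrapped continuation lines are not handled."""
    services = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(\d+)\s+(.*)$", line)
        if m:
            services[int(m.group(2))] = [s.strip() for s in m.group(3).split(",")]
    return services

def suspicious_connections(netstat_text, tasklist_text):
    """Connections to a watched port or network, each tagged with the PID's services."""
    svc = parse_tasklist(tasklist_text)
    hits = []
    for proto, host, port, state, pid in parse_netstat(netstat_text):
        if port in WATCH_PORTS or any(ipaddress.ip_address(host) in n for n in WATCH_NETS):
            hits.append({"proto": proto, "remote": f"{host}:{port}", "state": state,
                         "pid": pid, "services": svc.get(pid, ["<unknown>"])})
    return hits

if __name__ == "__main__":
    for hit in suspicious_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(hit)
```

On a live system the two samples would be replaced by the captured output of those commands; the result narrows a bare svchost.exe PID down to the handful of services it hosts, which is what a firewall log alone cannot show.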

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
