Skype Outbound Connections

My skype quality used to be fantastic, then somewhere in the last month, it declined terribly, to where video calls are nearly impossible to complete or even make. I used Comodo Firewall obviously, as this is the best out there, and upon checking it while Skype was running, during a video call today, it had 37 outbound connections. I searched for a bit, but found nothing saying the “normal” outbound connections Skype is normally making. This number sees very unusual to me. Is there anyone who can help me out, and let me knw the issue or what to do? My antivirus consists of Windows Defender. I run Spybot SD once a week, but that is it. Is it possible there is a virus infecting my system? Also, here is a Hijack This log file at the time of a Skype Call.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:37 AM, on 6/16/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Returnil\RVS3\rvsgui.exe
C:\Users\Rayven\AppData\Local\Temp\RarSFX0\MemTurbo.exe
C:\Program Files (x86)\Razer\Naga\NagaTray.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIObi.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIObi.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe
O4 - HKLM..\Run: [Lycosa] “C:\Program Files (x86)\Razer\Lycosa\razerhid.exe”
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Adobe ARM] “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
O4 - HKCU..\Run: [Google Update] “C:\Users\Rayven\AppData\Local\Google\Update\GoogleUpdate.exe” /c
O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘NETWORK SERVICE’)
O4 - Startup: MemTurbo.lnk = C:\Users\Rayven\AppData\Local\Temp\RarSFX0\MemTurbo.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: RVS 2010.lnk = C:\Program Files (x86)\Returnil\RVS3\rvsgui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_caafa62d\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS64.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Returnil Virtual System Core Service (RVSMONBL) - CJSC Returnil Software - C:\Windows\SysWOW64\Returnil\RVS3\rvsmon.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_caafa62d\STacSV64.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

–
End of file - 8338 bytes

The Active Connections interface refreshes slowly. As a result it will show old connections that are no longer active.

Instead you can for example try the network monitor of Process Hacker.

I ran your HJT log through www.hijackthis.de and it remarked on the following entries:

• R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search. Is this your start page or a hijacked page?
• R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIObi.dll
  O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIObi.dll

Looks like you installed a program from IO Bit and installed their toolbar. If that is the case it is up to your likings if you keep the toolbar or not

• O23 - Service: [at]%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
  O23 - Service: [at]%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: [at]%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
  O23 - Service: [at]%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: [at]%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
  O23 - Service: [at]%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
  O23 - Service: [at]%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
  O23 - Service: [at]%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

A list of missing files from Windows services. Are you using a stripped, nLighted, version of Windows?

At first sight your system seems fine. The missing files puzzle me a bit.

I will check out that software you mentioned here after I finish this response. As for the www.conduit.com, my home pagers on Firefox, Chrome, and IE8 are all Google.com and this is also what shows up, I have never once seen that page before. I will be sure to delete that entry regardless. As for the missing files, the only thing I can think of is that up until two days ago, I had Returnil Virtual Software installed. This program, when Virtual Safe Enabled, removed any and all changes upon restart (or crashes -.-). I have forgotten more than once to disable the blasted thing when installing software, then restarted only to find the past 2 hours of work completely gone because of the Virtual System. Perhaps that is the cause. As of this writing I have installed Comodo Internet Security, I also use Comodo System Cleaner.

Back to the Skype, you do not believe that it is anything I should be worrying about?

I wouldn’t be worried about the Skype outgoing connections. The huge amount of connections is more than likely the result of the slow refreshing of the Active Connections windows of CIS.

Alright thank you very much. Spent the past evening reading over Comodo Articles, watching the videos I have found, and learning about the products. I like what I see. Thanks again, and this has answered my question. By all meas close this thread if that applies to this Forum. Thank you again for your help

Glad I could be of help.

On a sidenote. Comodo brings quite some good, and mostly free, stuff to the world that is more than worth giving it a try. Don’t hesitate to ask any questions you have.