
unknown program N2PCLIENT.EXE keeps running


kairos


Sorry if this is in the wrong section...

A few days ago my antivirus/firewall, Avira, blocked an unknown program, n2Pclient.exe, from installing something. I blocked it from running because I had no idea what kind of program was about to be installed, as I wasn't installing anything, nor was I notified of a program updating. Now the weird thing is that almost every night (it would only run during night time) my PC would slow down, and when I check the task manager I would find that a bunch (around 30) of n2Pclient.exe (Installer.exe) processes are eating up my PC's memory. I tried scanning my PC with MBAM and Avira, but every search comes up with nothing.

n2pclient.jpg

My OS is

Microsoft Windows XP version 2002 Service Pack 3

Also, it would seem that whenever this happens my Opera's memory usage would skyrocket to 300Mb from its usual ~100Mb.


  • Staff

Hi,

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------

Copy and paste the contents of DDS.txt in your next reply. Do not copy and paste the contents of Attach.txt, but attach it to your reply instead.


Thanks for the reply...

Anyways... here is the DDS log.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Kite at 15:12:43.04 on Tue 09/28/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.503 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

D:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Avira\AntiVir Desktop\sched.exe

D:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe

D:\Program Files\Avira\AntiVir Desktop\avguard.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Launch Manager\dsiwmis.exe

D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

D:\Program Files\Avira\AntiVir Desktop\avshadow.exe

D:\WINDOWS\system32\IoctlSvc.exe

D:\Program Files\CyberLink\Shared files\RichVideo.exe

D:\WINDOWS\system32\svchost.exe -k imgsvc

D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

D:\WINDOWS\RTHDCPL.EXE

D:\Program Files\Launch Manager\LManager.exe

D:\Program Files\Synaptics\SynTP\SynTPEnh.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\igfxpers.exe

D:\Program Files\Avira\AntiVir Desktop\avgnt.exe

D:\Program Files\Net Studio\USB FireWall\USB FireWall.exe

D:\Program Files\uTorrent\uTorrent.exe

D:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\Program Files\Launch Manager\LMworker.exe

D:\WINDOWS\system32\wbem\unsecapp.exe

D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

D:\Program Files\Opera\opera.exe

D:\WINDOWS\System32\svchost.exe -k HTTPFilter

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\explorer.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Documents and Settings\Kite\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - d:\program files\epson software\easy photo print\EPTBL.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - d:\program files\epson software\easy photo print\EPTBL.dll

uRun: [uTorrent] "d:\program files\utorrent\uTorrent.exe"

uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe

uRun: [Google Update] "d:\documents and settings\kite\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [FlashPlayerUpdate] d:\windows\system32\macromed\flash\FlashUtil10i_Plugin.exe -update plugin

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AzMixerSel] d:\program files\realtek\audio\drivers\AzMixerSel.exe

mRun: [LManager] d:\program files\launch manager\LManager.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [igfxTray] d:\windows\system32\igfxtray.exe

mRun: [Persistence] d:\windows\system32\igfxpers.exe

mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [uSBFW] d:\program files\net studio\usb firewall\USB FireWall.exe

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\progra~1\speedb~1\sblsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: d:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\kite\applic~1\mozilla\firefox\profiles\qfd7dqx2.default\

FF - plugin: d:\documents and settings\kite\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

d:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);

d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

d:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avfwot;avfwot;d:\windows\system32\drivers\avfwot.sys [2010-9-12 102856]

R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2010-9-12 11608]

R1 vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2010-9-12 528008]

R2 AntiVirFirewallService;Avira FireWall;d:\program files\avira\antivir desktop\avfwsvc.exe [2010-9-12 536232]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2010-9-12 135336]

R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2010-9-12 267432]

R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2010-9-12 60936]

R2 DsiWMIService;Dritek WMI Service;d:\program files\launch manager\dsiwmis.exe [2010-4-8 312400]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);d:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2010-9-17 153600]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);d:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2010-9-17 121856]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-6-14 1051976]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]

R3 avfwim;AvFw Packet Filter Miniport;d:\windows\system32\drivers\avfwim.sys [2010-9-12 79432]

R3 S6000KNT;S6000KNT_WebCam Driver;d:\windows\system32\drivers\S6000KNT.sys [2010-9-12 3220992]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-24 10064]

S2 AntiVirMailService;Avira AntiVir MailGuard;d:\program files\avira\antivir desktop\avmailc.exe [2010-9-12 337064]

S2 AntiVirWebService;Avira AntiVir WebGuard;d:\program files\avira\antivir desktop\avwebgrd.exe [2010-9-12 405672]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2010-9-12 1691480]

S3 EUCR;EUCR;d:\windows\system32\drivers\EUCR6SK.sys [2010-9-12 108752]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;d:\program files\google\google desktop search\GoogleDesktop.exe [2010-9-12 30192]

S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;d:\windows\system32\drivers\l1c51x86.sys [2010-9-12 60456]

S3 vsmon;TrueVector Internet Monitor;d:\windows\system32\zonelabs\vsmon.exe -service --> d:\windows\system32\zonelabs\vsmon.exe -service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-27 11:04:25 0 d-----w- d:\program files\ConvertHelper

2010-09-27 11:00:14 0 d-----w- d:\documents and settings\kite\dwhelper

2010-09-27 10:17:18 0 d-----w- d:\program files\GUILTY GEAR XX ?RELOAD

2010-09-27 05:06:06 0 d-----w- d:\windows\RegisteredPackages

2010-09-26 12:36:07 0 d-----w- d:\program files\Sony

2010-09-25 11:40:05 56 ---ha-w- d:\windows\system32\ezsidmv.dat

2010-09-25 11:39:07 0 d-----r- d:\program files\Skype

2010-09-24 07:00:05 0 d-----w- d:\docume~1\alluse~1\applic~1\Speedbit

2010-09-24 07:00:03 172032 ----a-w- d:\windows\system32\AniGIF.ocx

2010-09-20 05:58:32 0 d-----w- d:\docume~1\kite\applic~1\Indigo Renderer

2010-09-20 00:07:58 1492 ----a-w- D:\ff8input.cfg

2010-09-19 00:16:26 69 ----a-w- d:\windows\NeroDigital.ini

2010-09-18 13:39:41 0 d-----w- d:\windows\system32\XPSViewer

2010-09-18 13:38:12 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-09-18 13:38:12 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-09-18 13:38:12 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll

2010-09-18 13:38:12 575488 ------w- d:\windows\system32\xpsshhdr.dll

2010-09-18 13:38:12 117760 ------w- d:\windows\system32\prntvpt.dll

2010-09-18 13:38:11 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll

2010-09-18 13:38:11 1676288 ------w- d:\windows\system32\xpssvcs.dll

2010-09-18 13:28:07 14592 -c--a-w- d:\windows\system32\dllcache\kbdhid.sys

2010-09-18 13:28:07 14592 ----a-w- d:\windows\system32\drivers\kbdhid.sys

2010-09-18 12:08:39 545 ----a-w- d:\windows\FICEDULA.INI

2010-09-18 10:08:37 42496 ----a-w- d:\windows\system32\eax.dll

2010-09-18 03:35:45 306688 ----a-w- d:\windows\IsUninst.exe

2010-09-18 03:35:43 0 d-----w- d:\documents and settings\kite\WINDOWS

2010-09-17 22:17:57 0 d-----w- d:\program files\MSXML 4.0

2010-09-17 02:41:26 0 d-----w- d:\program files\common files\EPSON

2010-09-17 02:40:41 8192 ----a-w- d:\windows\system32\E_DCINST.DLL

2010-09-17 02:40:27 93696 ----a-w- d:\windows\system32\E_FLBGEI.DLL

2010-09-17 02:40:27 63488 ----a-w- d:\windows\system32\E_FD4BGEI.DLL

2010-09-17 02:40:11 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys

2010-09-17 02:40:11 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys

2010-09-17 00:41:08 0 d-----w- d:\program files\Bonjour

2010-09-17 00:26:28 0 d-----w- d:\program files\common files\Macrovision Shared

2010-09-16 13:30:07 0 d-----w- d:\program files\Sierra

2010-09-16 13:02:23 1024 ----a-w- d:\documents and settings\kite\.rnd

2010-09-16 12:58:12 0 d-----w- d:\program files\Nero

2010-09-16 12:58:11 0 d-----w- d:\docume~1\alluse~1\applic~1\Nero

2010-09-16 12:02:51 0 d-----w- d:\program files\Net Studio

2010-09-16 11:22:36 30536 ----a-w- d:\windows\system32\TURegOpt.exe

2010-09-16 11:22:34 30024 ----a-w- d:\windows\system32\uxtuneup.dll

2010-09-16 11:22:11 0 d-----w- d:\docume~1\kite\applic~1\TuneUp Software

2010-09-16 11:21:59 0 d-----w- d:\program files\TuneUp Utilities 2010

2010-09-16 11:21:41 0 d-----w- d:\docume~1\alluse~1\applic~1\TuneUp Software

2010-09-16 11:19:48 0 d-sh--w- d:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-09-16 11:04:15 0 d-----w- d:\windows\system32\wbem\Repository

2010-09-16 10:12:22 0 ----a-w- d:\documents and settings\kite\JustOneId.tmp

2010-09-16 06:28:21 0 d-----w- d:\docume~1\alluse~1\applic~1\Adobe(2)

2010-09-15 23:34:45 0 d-----w- d:\docume~1\kite\applic~1\Adobe(2)

2010-09-15 13:40:47 0 d-----w- d:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe

2010-09-15 11:19:47 0 d-----w- d:\windows\system32\appmgmt

2010-09-15 10:16:31 0 d-----w- d:\docume~1\kite\applic~1\BatteryBar

2010-09-15 10:16:26 0 d-----w- d:\program files\BatteryBar

2010-09-14 14:15:46 0 d-----w- d:\docume~1\kite\applic~1\Red Alert 3

2010-09-14 14:14:16 0 d-----w- d:\docume~1\kite\applic~1\PrimoPDF

2010-09-14 14:12:59 444776 ----a-w- d:\windows\system32\d3dx10_35.dll

2010-09-14 13:57:09 0 d-----w- d:\windows\Logs

2010-09-14 13:55:45 176235 ----a-w- d:\windows\system32\Primomonnt.dll

2010-09-14 13:55:40 0 d-----w- d:\program files\Nitro PDF

2010-09-14 13:40:47 0 d-----w- D:\Red Alert 3

2010-09-13 05:01:41 221184 ----a-w- d:\windows\system32\wmpns.dll

2010-09-13 05:00:34 0 d-----w- d:\windows\ie8updates

2010-09-13 03:37:36 0 d-----w- d:\program files\SystemRequirementsLab

2010-09-13 03:05:25 73728 ----a-w- d:\windows\system32\javacpl.cpl

2010-09-13 03:05:25 423656 ----a-w- d:\windows\system32\deployJava1.dll

2010-09-13 02:34:44 2297552 ----a-w- d:\windows\system32\d3dx9_26.dll

2010-09-13 01:27:35 38160 ----a-w- d:\windows\system32\LMRTREND.dll

2010-09-13 01:27:33 140800 ----a-w- d:\windows\system32\tm20dec.ax

2010-09-13 01:27:32 182032 ----a-w- d:\windows\system32\dxtmsft3.dll

2010-09-13 01:27:27 63488 ----a-w- d:\windows\system32\unam4ie.exe

2010-09-13 01:27:18 5672 ----a-w- d:\windows\system32\quartz.vxd

2010-09-13 01:27:18 11776 ----a-w- d:\windows\system32\mciqtz.drv

2010-09-13 01:27:18 10240 ----a-w- d:\windows\system32\vidx16.dll

2010-09-13 01:27:17 194320 ----a-w- d:\windows\system32\qcut.dll

2010-09-13 01:27:15 4608 ----a-w- d:\windows\system32\w95inf32.dll

2010-09-13 01:27:15 2272 ----a-w- d:\windows\system32\w95inf16.dll

2010-09-12 23:19:30 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll

2010-09-12 23:19:29 599040 -c----w- d:\windows\system32\dllcache\msfeeds.dll

2010-09-12 23:19:29 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll

2010-09-12 23:19:28 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll

2010-09-12 23:19:27 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll

2010-09-12 23:19:27 1987072 -c----w- d:\windows\system32\dllcache\iertutil.dll

2010-09-12 23:19:24 11079168 -c----w- d:\windows\system32\dllcache\ieframe.dll

2010-09-12 23:15:42 272128 -c----w- d:\windows\system32\dllcache\bthport.sys

2010-09-12 23:15:42 272128 ------w- d:\windows\system32\drivers\bthport.sys

2010-09-12 23:14:17 455680 -c----w- d:\windows\system32\dllcache\mrxsmb.sys

2010-09-12 22:57:08 2146304 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe

2010-09-12 22:57:07 2189952 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe

2010-09-12 22:57:07 2066816 -c----w- d:\windows\system32\dllcache\ntkrnlpa.exe

2010-09-12 22:57:07 2024448 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe

2010-09-12 13:18:01 0 d-----w- d:\docume~1\kite\applic~1\CheckPoint

2010-09-12 13:17:32 0 d-----w- d:\program files\CheckPoint

2010-09-12 13:17:30 4212 ---ha-w- d:\windows\system32\zllictbl.dat

2010-09-12 13:17:16 1238408 ----a-w- d:\windows\system32\zpeng25.dll

2010-09-12 13:17:15 0 d-----w- d:\windows\system32\ZoneLabs

2010-09-12 13:17:13 417012 ----a-w- d:\windows\system32\vsconfig.xml

2010-09-12 13:17:12 0 d-----w- d:\program files\Zone Labs

2010-09-12 13:16:32 0 d-----w- d:\windows\Internet Logs

2010-09-12 13:12:33 5120 ----a-w- d:\windows\system32\xpsp4res.dll

2010-09-12 13:10:06 0 d-----w- d:\program files\Uniblue

2010-09-12 12:48:30 0 d-----w- d:\program files\common files\ODBC

2010-09-12 12:48:27 0 d-----w- d:\program files\common files\SpeechEngines

2010-09-12 12:47:53 0 d-----r- d:\documents and settings\all users\Documents

2010-09-12 12:25:47 0 d-----w- d:\docume~1\kite\applic~1\Malwarebytes

2010-09-12 12:24:00 0 d-----w- d:\docume~1\kite\applic~1\Avira

2010-09-12 06:33:58 0 d-----w- d:\program files\Avira

2010-09-12 06:33:58 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira

2010-09-12 06:28:24 0 d-----w- d:\program files\VideoLAN

2010-09-12 06:25:55 0 d-----w- d:\program files\uTorrent

2010-09-12 06:25:19 0 d-----w- d:\docume~1\kite\applic~1\uTorrent

2010-09-12 06:24:28 0 d-----w- d:\program files\PowerISO

2010-09-12 06:23:12 0 d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes

2010-09-12 06:23:11 0 d-----w- d:\program files\Malwarebytes' Anti-Malware

2010-09-12 06:14:40 0 d-----w- d:\docume~1\kite\applic~1\IObit

2010-09-12 06:14:39 0 d-----w- d:\program files\IObit

2010-09-12 06:12:20 0 d-----w- d:\program files\DAMN NFO Viewer

2010-09-12 06:04:02 0 d-----w- d:\docume~1\alluse~1\applic~1\UDL

2010-09-12 06:03:11 0 d-----w- d:\program files\Epson Software

2010-09-12 06:01:48 0 d-----w- d:\program files\Epson

2010-09-12 06:01:30 0 d-----w- d:\docume~1\alluse~1\applic~1\EPSON

2010-09-12 05:49:35 0 d-----w- d:\docume~1\alluse~1\applic~1\boost_interprocess

2010-09-12 05:43:56 0 d-----w- d:\program files\Atheros

2010-09-12 05:43:29 0 d-----w- d:\docume~1\alluse~1\applic~1\Atheros

2010-09-12 05:40:31 0 d-----w- d:\program files\Synaptics

2010-09-12 05:38:10 0 d-----w- d:\program files\Launch Manager

2010-09-12 05:34:47 0 d-----w- d:\program files\ALi

2010-09-12 05:33:04 0 d-----w- d:\program files\Realtek

2010-09-12 05:18:14 0 d-----w- d:\program files\msn gaming zone

2010-09-12 05:17:47 0 d-----w- d:\program files\K-Lite Codec Pack

2010-09-12 05:17:02 0 d-----w- d:\program files\CCleaner

2010-09-12 05:03:16 0 d-sh--w- d:\documents and settings\all users\DRM

2010-09-12 05:02:54 0 d--h--w- d:\program files\WindowsUpdate

2010-09-12 05:02:49 0 d-----w- d:\program files\Online Services

2010-09-12 05:01:59 0 d-----w- d:\program files\common files\MSSoap

2010-09-12 04:59:34 0 d-----w- d:\program files\Windows Media Connect 2

2010-09-12 04:58:59 0 d-----w- d:\program files\Windows NT

==================== Find3M ====================

2010-09-12 05:40:48 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf

2010-09-12 05:40:45 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-09-12 05:00:15 21640 ----a-w- d:\windows\system32\emptyregdb.dat

2010-08-17 13:17:06 58880 ----a-w- d:\windows\system32\spoolsv.exe

2010-07-22 15:49:15 590848 ----a-w- d:\windows\system32\rpcrt4.dll

2010-06-30 12:31:35 149504 ----a-w- d:\windows\system32\schannel.dll

2010-06-09 05:19:57 990208 ----a-w- d:\windows\inf\syssbck.dll

============= FINISH: 15:13:27.52 ===============

Attach.zip


  • Staff

Hi,

Are you still having this? Because I can't see that process running in your current processes now.

By the way, I see you have ZoneAlarm Pro Firewall installed. I suggest you uninstall it, since you already have Avira Premium Security Suite, which already contains a firewall.

More than 1 firewall installed may cause a lot of problems.

Is this USB FireWall also an extra one? If so, please uninstall it as well since there's really no need to overload your system with these.

Rather than giving you extra protection, it will decrease the reliability of it seriously, because there are compatibility issues between them.

Are you using pirated software? Because that may explain it: some pirated software downloads this file, which is actually a file infector (Virut) :)

Did you run a scan with Avira (updated) already? Does it detect anything?

Because I have a bad feeling you are dealing with a file infector here, because I see a LOT of folders modified lately, starting 2010-09-12.

I really hope this is not the case as that would mean a format and reinstall.

Please also do the following...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

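As an added example (not code from this thread or from the DDS tool), a small Python triage script that reads the "Running Processes" section of a DDS log the way the staffer did by eye: it flags images executing from a user's Temp directory and counts repeated image paths, which is exactly the pattern the second log shows for n2Pclient.exe. The embedded log excerpt is constructed from lines posted in this thread; the threshold of 3 repeats is an assumption.

```python
"""Triage the 'Running Processes' section of a DDS log.

Two cheap indicators a malware-removal helper looks for:
  (a) an executable running from a temp directory
      (e.g. D:\\DOCUME~1\\<user>\\LOCALS~1\\Temp\\...), and
  (b) the same image path appearing many times at once.
"""
import re
from collections import Counter

# Constructed excerpt modelled on the DDS output posted above; the
# section markers and the 8.3 path forms are how DDS prints them.
SAMPLE_LOG = r"""
DDS (Ver_10-03-17.01) - NTFSx86

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe
D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe
D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Documents and Settings\Kite\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
"""

# DDS section headers look like "===== Name =====".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")

# User temp dir in long or 8.3 (LOCALS~1) form, or the system temp dir.
TEMP_RE = re.compile(
    r"\\(LOCALS~1|Local Settings)\\Temp\\|\\WINDOWS\\Temp\\", re.IGNORECASE
)


def running_processes(log_text):
    """Return the non-empty lines of the 'Running Processes' section only."""
    procs, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Entering a new section; stay "on" only for Running Processes.
            in_section = header.group(1).lower() == "running processes"
            continue
        if in_section and line:
            procs.append(line)
    return procs


def image_path(proc_line):
    """Drop command-line switches DDS prints after the image
    (e.g. 'svchost -k DcomLaunch' -> 'svchost')."""
    return proc_line.split(" -", 1)[0].strip()


def triage(log_text, dup_threshold=3):
    """Return (temp_hits, dups): image paths running from a temp directory,
    and a {lowercased path: count} map of paths seen >= dup_threshold times."""
    images = [image_path(p) for p in running_processes(log_text)]
    counts = Counter(i.lower() for i in images)
    temp_hits = sorted({i for i in images if TEMP_RE.search(i)})
    dups = {path: n for path, n in counts.items() if n >= dup_threshold}
    return temp_hits, dups


if __name__ == "__main__":
    temp_hits, dups = triage(SAMPLE_LOG)
    print("Running from a temp directory:")
    for path in temp_hits:
        print("  ", path)
    print("Repeated image paths:")
    for path, n in sorted(dups.items(), key=lambda kv: -kv[1]):
        print(f"   {n:3d} x {path}")
```

Running it against the full second log in this thread (saved as a text file and passed to triage) reports the Temp-resident n2Pclient.exe with its repeat count; any hit under a temp directory deserves the "is it still there, and what dropped it" questions the staffer asked.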

DDS (Ver_10-03-17.01) - NTFSx86

Run by Kite at 18:39:38.87 on Wed 09/29/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.404 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FW: Avira FireWall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

D:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Avira\AntiVir Desktop\sched.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\RTHDCPL.EXE

D:\Program Files\Launch Manager\LManager.exe

D:\Program Files\Synaptics\SynTP\SynTPEnh.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\igfxpers.exe

D:\Program Files\Avira\AntiVir Desktop\avgnt.exe

D:\Program Files\Net Studio\USB FireWall\USB FireWall.exe

D:\Program Files\uTorrent\uTorrent.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe

D:\Program Files\Avira\AntiVir Desktop\avguard.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\Launch Manager\dsiwmis.exe

D:\Program Files\Avira\AntiVir Desktop\avshadow.exe

D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

D:\WINDOWS\system32\IoctlSvc.exe

D:\Program Files\CyberLink\Shared files\RichVideo.exe

D:\WINDOWS\system32\svchost.exe -k imgsvc

D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

D:\Program Files\Launch Manager\LMworker.exe

D:\WINDOWS\system32\wbem\unsecapp.exe

D:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe

D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

D:\PROGRA~1\Google\GOOGLE~2\SketchUp.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\DOCUME~1\Kite\LOCALS~1\Temp\n2Pclient.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\system32\taskmgr.exe

D:\Documents and Settings\Kite\Desktop\dds.scr

D:\Program Files\Avira\AntiVir Desktop\checkt.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - d:\program files\epson software\easy photo print\EPTBL.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - d:\program files\epson software\easy photo print\EPTBL.dll

uRun: [uTorrent] "d:\program files\utorrent\uTorrent.exe"

uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe

uRun: [Google Update] "d:\documents and settings\kite\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AzMixerSel] d:\program files\realtek\audio\drivers\AzMixerSel.exe

mRun: [LManager] d:\program files\launch manager\LManager.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [igfxTray] d:\windows\system32\igfxtray.exe

mRun: [Persistence] d:\windows\system32\igfxpers.exe

mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [uSBFW] d:\program files\net studio\usb firewall\USB FireWall.exe

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\progra~1\speedb~1\sblsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: d:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\kite\applic~1\mozilla\firefox\profiles\qfd7dqx2.default\

FF - plugin: d:\documents and settings\kite\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

d:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);

d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

d:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avfwot;avfwot;d:\windows\system32\drivers\avfwot.sys [2010-9-12 102856]

R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2010-9-12 11608]

R1 vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2010-9-12 528008]

R2 AntiVirFirewallService;Avira FireWall;d:\program files\avira\antivir desktop\avfwsvc.exe [2010-9-12 536232]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2010-9-12 135336]

R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2010-9-12 267432]

R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2010-9-12 60936]

R2 DsiWMIService;Dritek WMI Service;d:\program files\launch manager\dsiwmis.exe [2010-4-8 312400]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);d:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2010-9-17 153600]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);d:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2010-9-17 121856]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-6-14 1051976]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]

R3 avfwim;AvFw Packet Filter Miniport;d:\windows\system32\drivers\avfwim.sys [2010-9-12 79432]

R3 S6000KNT;S6000KNT_WebCam Driver;d:\windows\system32\drivers\S6000KNT.sys [2010-9-12 3220992]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-24 10064]

S2 AntiVirMailService;Avira AntiVir MailGuard;d:\program files\avira\antivir desktop\avmailc.exe [2010-9-12 337064]

S2 AntiVirWebService;Avira AntiVir WebGuard;d:\program files\avira\antivir desktop\avwebgrd.exe [2010-9-12 405672]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2010-9-12 1691480]

S3 EUCR;EUCR;d:\windows\system32\drivers\EUCR6SK.sys [2010-9-12 108752]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;d:\program files\google\google desktop search\GoogleDesktop.exe [2010-9-12 30192]

S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;d:\windows\system32\drivers\l1c51x86.sys [2010-9-12 60456]

S3 vsmon;TrueVector Internet Monitor;d:\windows\system32\zonelabs\vsmon.exe -service --> d:\windows\system32\zonelabs\vsmon.exe -service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-28 11:37:03 0 d-----w- d:\windows\system32\NtmsData

2010-09-28 11:18:44 3558912 ----a-w- d:\program files\moviemk.exe

2010-09-27 11:04:25 0 d-----w- d:\program files\ConvertHelper

2010-09-27 11:00:14 0 d-----w- d:\documents and settings\kite\dwhelper

2010-09-27 10:17:18 0 d-----w- d:\program files\GUILTY GEAR XX ?RELOAD

2010-09-27 05:06:06 0 d-----w- d:\windows\RegisteredPackages

2010-09-26 12:36:07 0 d-----w- d:\program files\Sony

2010-09-25 11:40:05 56 ---ha-w- d:\windows\system32\ezsidmv.dat

2010-09-25 11:39:07 0 d-----r- d:\program files\Skype

2010-09-24 07:00:05 0 d-----w- d:\docume~1\alluse~1\applic~1\Speedbit

2010-09-24 07:00:03 172032 ----a-w- d:\windows\system32\AniGIF.ocx

2010-09-20 05:58:32 0 d-----w- d:\docume~1\kite\applic~1\Indigo Renderer

2010-09-20 00:07:58 1492 ----a-w- D:\ff8input.cfg

2010-09-19 00:16:26 69 ----a-w- d:\windows\NeroDigital.ini

2010-09-18 13:39:41 0 d-----w- d:\windows\system32\XPSViewer

2010-09-18 13:38:12 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-09-18 13:38:12 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-09-18 13:38:12 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll

2010-09-18 13:38:12 575488 ------w- d:\windows\system32\xpsshhdr.dll

2010-09-18 13:38:12 117760 ------w- d:\windows\system32\prntvpt.dll

2010-09-18 13:38:11 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll

2010-09-18 13:38:11 1676288 ------w- d:\windows\system32\xpssvcs.dll

2010-09-18 13:28:07 14592 -c--a-w- d:\windows\system32\dllcache\kbdhid.sys

2010-09-18 13:28:07 14592 ----a-w- d:\windows\system32\drivers\kbdhid.sys

2010-09-18 12:08:39 545 ----a-w- d:\windows\FICEDULA.INI

2010-09-18 10:08:37 42496 ----a-w- d:\windows\system32\eax.dll

2010-09-18 03:35:45 306688 ----a-w- d:\windows\IsUninst.exe

2010-09-18 03:35:43 0 d-----w- d:\documents and settings\kite\WINDOWS

2010-09-17 22:17:57 0 d-----w- d:\program files\MSXML 4.0

2010-09-17 02:41:26 0 d-----w- d:\program files\common files\EPSON

2010-09-17 02:40:41 8192 ----a-w- d:\windows\system32\E_DCINST.DLL

2010-09-17 02:40:27 93696 ----a-w- d:\windows\system32\E_FLBGEI.DLL

2010-09-17 02:40:27 63488 ----a-w- d:\windows\system32\E_FD4BGEI.DLL

2010-09-17 02:40:11 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys

2010-09-17 02:40:11 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys

2010-09-17 00:41:08 0 d-----w- d:\program files\Bonjour

2010-09-17 00:26:28 0 d-----w- d:\program files\common files\Macrovision Shared

2010-09-16 13:30:07 0 d-----w- d:\program files\Sierra

2010-09-16 13:02:23 1024 ----a-w- d:\documents and settings\kite\.rnd

2010-09-16 12:58:12 0 d-----w- d:\program files\Nero

2010-09-16 12:58:11 0 d-----w- d:\docume~1\alluse~1\applic~1\Nero

2010-09-16 12:02:51 0 d-----w- d:\program files\Net Studio

2010-09-16 11:22:36 30536 ----a-w- d:\windows\system32\TURegOpt.exe

2010-09-16 11:22:34 30024 ----a-w- d:\windows\system32\uxtuneup.dll

2010-09-16 11:22:11 0 d-----w- d:\docume~1\kite\applic~1\TuneUp Software

2010-09-16 11:21:59 0 d-----w- d:\program files\TuneUp Utilities 2010

2010-09-16 11:21:41 0 d-----w- d:\docume~1\alluse~1\applic~1\TuneUp Software

2010-09-16 11:19:48 0 d-sh--w- d:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-09-16 11:04:15 0 d-----w- d:\windows\system32\wbem\Repository

2010-09-16 10:12:22 0 ----a-w- d:\documents and settings\kite\JustOneId.tmp

2010-09-16 06:28:21 0 d-----w- d:\docume~1\alluse~1\applic~1\Adobe(2)

2010-09-15 23:34:45 0 d-----w- d:\docume~1\kite\applic~1\Adobe(2)

2010-09-15 13:40:47 0 d-----w- d:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe

2010-09-15 11:19:47 0 d-----w- d:\windows\system32\appmgmt

2010-09-15 10:16:31 0 d-----w- d:\docume~1\kite\applic~1\BatteryBar

2010-09-15 10:16:26 0 d-----w- d:\program files\BatteryBar

2010-09-14 14:15:46 0 d-----w- d:\docume~1\kite\applic~1\Red Alert 3

2010-09-14 14:14:16 0 d-----w- d:\docume~1\kite\applic~1\PrimoPDF

2010-09-14 14:12:59 444776 ----a-w- d:\windows\system32\d3dx10_35.dll

2010-09-14 13:57:09 0 d-----w- d:\windows\Logs

2010-09-14 13:55:45 176235 ----a-w- d:\windows\system32\Primomonnt.dll

2010-09-14 13:55:40 0 d-----w- d:\program files\Nitro PDF

2010-09-14 13:40:47 0 d-----w- D:\Red Alert 3

2010-09-13 05:01:41 221184 ----a-w- d:\windows\system32\wmpns.dll

2010-09-13 05:00:34 0 d-----w- d:\windows\ie8updates

2010-09-13 03:37:36 0 d-----w- d:\program files\SystemRequirementsLab

2010-09-13 03:05:25 73728 ----a-w- d:\windows\system32\javacpl.cpl

2010-09-13 03:05:25 423656 ----a-w- d:\windows\system32\deployJava1.dll

2010-09-13 02:34:44 2297552 ----a-w- d:\windows\system32\d3dx9_26.dll

2010-09-13 01:27:35 38160 ----a-w- d:\windows\system32\LMRTREND.dll

2010-09-13 01:27:33 140800 ----a-w- d:\windows\system32\tm20dec.ax

2010-09-13 01:27:32 182032 ----a-w- d:\windows\system32\dxtmsft3.dll

2010-09-13 01:27:27 63488 ----a-w- d:\windows\system32\unam4ie.exe

2010-09-13 01:27:18 5672 ----a-w- d:\windows\system32\quartz.vxd

2010-09-13 01:27:18 11776 ----a-w- d:\windows\system32\mciqtz.drv

2010-09-13 01:27:18 10240 ----a-w- d:\windows\system32\vidx16.dll

2010-09-13 01:27:17 194320 ----a-w- d:\windows\system32\qcut.dll

2010-09-13 01:27:15 4608 ----a-w- d:\windows\system32\w95inf32.dll

2010-09-13 01:27:15 2272 ----a-w- d:\windows\system32\w95inf16.dll

2010-09-12 23:19:30 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll

2010-09-12 23:19:29 599040 -c----w- d:\windows\system32\dllcache\msfeeds.dll

2010-09-12 23:19:29 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll

2010-09-12 23:19:28 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll

2010-09-12 23:19:27 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll

2010-09-12 23:19:27 1987072 -c----w- d:\windows\system32\dllcache\iertutil.dll

2010-09-12 23:19:24 11079168 -c----w- d:\windows\system32\dllcache\ieframe.dll

2010-09-12 23:15:42 272128 -c----w- d:\windows\system32\dllcache\bthport.sys

2010-09-12 23:15:42 272128 ------w- d:\windows\system32\drivers\bthport.sys

2010-09-12 23:14:17 455680 -c----w- d:\windows\system32\dllcache\mrxsmb.sys

2010-09-12 22:57:08 2146304 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe

2010-09-12 22:57:07 2189952 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe

2010-09-12 22:57:07 2066816 -c----w- d:\windows\system32\dllcache\ntkrnlpa.exe

2010-09-12 22:57:07 2024448 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe

2010-09-12 13:18:01 0 d-----w- d:\docume~1\kite\applic~1\CheckPoint

2010-09-12 13:17:32 0 d-----w- d:\program files\CheckPoint

2010-09-12 13:17:30 4212 ---ha-w- d:\windows\system32\zllictbl.dat

2010-09-12 13:17:16 1238408 ----a-w- d:\windows\system32\zpeng25.dll

2010-09-12 13:17:15 0 d-----w- d:\windows\system32\ZoneLabs

2010-09-12 13:17:13 417012 ----a-w- d:\windows\system32\vsconfig.xml

2010-09-12 13:17:12 0 d-----w- d:\program files\Zone Labs

2010-09-12 13:16:32 0 d-----w- d:\windows\Internet Logs

2010-09-12 13:12:33 5120 ----a-w- d:\windows\system32\xpsp4res.dll

2010-09-12 13:10:06 0 d-----w- d:\program files\Uniblue

2010-09-12 12:48:30 0 d-----w- d:\program files\common files\ODBC

2010-09-12 12:48:27 0 d-----w- d:\program files\common files\SpeechEngines

2010-09-12 12:47:53 0 d-----r- d:\documents and settings\all users\Documents

2010-09-12 12:25:47 0 d-----w- d:\docume~1\kite\applic~1\Malwarebytes

2010-09-12 12:24:00 0 d-----w- d:\docume~1\kite\applic~1\Avira

2010-09-12 06:33:58 0 d-----w- d:\program files\Avira

2010-09-12 06:33:58 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira

2010-09-12 06:28:24 0 d-----w- d:\program files\VideoLAN

2010-09-12 06:25:55 0 d-----w- d:\program files\uTorrent

2010-09-12 06:25:19 0 d-----w- d:\docume~1\kite\applic~1\uTorrent

2010-09-12 06:24:28 0 d-----w- d:\program files\PowerISO

2010-09-12 06:23:12 0 d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes

2010-09-12 06:23:11 0 d-----w- d:\program files\Malwarebytes' Anti-Malware

2010-09-12 06:14:40 0 d-----w- d:\docume~1\kite\applic~1\IObit

2010-09-12 06:14:39 0 d-----w- d:\program files\IObit

2010-09-12 06:12:20 0 d-----w- d:\program files\DAMN NFO Viewer

2010-09-12 06:04:02 0 d-----w- d:\docume~1\alluse~1\applic~1\UDL

2010-09-12 06:03:11 0 d-----w- d:\program files\Epson Software

2010-09-12 06:01:48 0 d-----w- d:\program files\Epson

2010-09-12 06:01:30 0 d-----w- d:\docume~1\alluse~1\applic~1\EPSON

2010-09-12 05:49:35 0 d-----w- d:\docume~1\alluse~1\applic~1\boost_interprocess

2010-09-12 05:43:56 0 d-----w- d:\program files\Atheros

2010-09-12 05:43:29 0 d-----w- d:\docume~1\alluse~1\applic~1\Atheros

2010-09-12 05:40:31 0 d-----w- d:\program files\Synaptics

2010-09-12 05:38:10 0 d-----w- d:\program files\Launch Manager

2010-09-12 05:34:47 0 d-----w- d:\program files\ALi

2010-09-12 05:33:04 0 d-----w- d:\program files\Realtek

2010-09-12 05:18:14 0 d-----w- d:\program files\msn gaming zone

2010-09-12 05:17:47 0 d-----w- d:\program files\K-Lite Codec Pack

2010-09-12 05:17:02 0 d-----w- d:\program files\CCleaner

2010-09-12 05:03:16 0 d-sh--w- d:\documents and settings\all users\DRM

2010-09-12 05:02:54 0 d--h--w- d:\program files\WindowsUpdate

2010-09-12 05:02:49 0 d-----w- d:\program files\Online Services

2010-09-12 05:01:59 0 d-----w- d:\program files\common files\MSSoap

2010-09-12 04:59:34 0 d-----w- d:\program files\Windows Media Connect 2

2010-09-12 04:58:59 0 d-----w- d:\program files\Windows NT

==================== Find3M ====================

2010-09-12 05:40:48 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf

2010-09-12 05:40:45 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-09-12 05:00:15 21640 ----a-w- d:\windows\system32\emptyregdb.dat

2010-08-17 13:17:06 58880 ----a-w- d:\windows\system32\spoolsv.exe

2010-07-22 15:49:15 590848 ----a-w- d:\windows\system32\rpcrt4.dll

2010-06-09 05:19:57 990208 ----a-w- d:\windows\inf\syssbck.dll

============= FINISH: 18:41:19.62 ===============

Attach.zip

Thanks for the reply...

I blocked installer.exe from running with the Avira firewall back then. Then, after I did a system restore, it came back, probably due to the change in the firewall exceptions.

As for the pirated software: I have no-CD cracks for my original games (I don't want to bring an external DVD-ROM when I'm mobile).


  • Staff

Hi,

Not sure if you have properly read my previous post....

You have posted a DDS log instead of a Combofix log.

Also, I still see multiple firewalls installed here, which cause a lot of issues because they are not compatible with each other.

The fact that you are indeed using pirated software may explain a lot here, though, and I fear you are indeed infected with Virut.

Anyway, please run Combofix as I posted in my previous instructions and post the Combofix log.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
