100 % CPU usage! All the time
- Thread starter tinker
- Start date
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:18:45 AM, on 08/03/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\p\NPProt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
C:\Program Files\Net Protector 2010\zvscan\ZVMonNT.exe
C:\Program Files\Net Protector 2010\ZVRegMon\ZVRegMon.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\ugslmd.exe
C:\WINDOWS\system32\Rscmpt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NETPRO~1\EMAIL SCAN\EMAILSCN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BSNL 3G Data Card\BSNL 3G.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bsnllive.in/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [Zero-V Virus Shield] "C:\PROGRA~1\NETPRO~1\EMAIL SCAN\EMAILSCN.EXE"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MCtlSuc] C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB8537D3-ACAD-475E-BE79-E9868379D71D}: NameServer = 218.248.240.134 218.248.240.23
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NPLogon - NPlogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NPAV Antivirus Protection (NPVProt) - Biz Secure Labs Pvt Ltd. - C:\Documents and Settings\p\NPProt.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UG Nx 7.0 - Macrovision Corporation - C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
O23 - Service: UG Nx-7.0 - Macrovision Corporation - C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
O23 - Service: Zero-V AntiVirus Protection (ZeroVProtect) - Biz Secure Labs Pvt Ltd. - C:\Program Files\Net Protector 2010\zvscan\ZVMonNT.exe
O23 - Service: Zero-V Registry Monitoring (ZVRegMon) - Message Labs Pvt Ltd. - C:\Program Files\Net Protector 2010\ZVRegMon\ZVRegMon.exe
--
End of file - 5944 bytes
Scan saved at 1:18:45 AM, on 08/03/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\p\NPProt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
C:\Program Files\Net Protector 2010\zvscan\ZVMonNT.exe
C:\Program Files\Net Protector 2010\ZVRegMon\ZVRegMon.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\ugslmd.exe
C:\WINDOWS\system32\Rscmpt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NETPRO~1\EMAIL SCAN\EMAILSCN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BSNL 3G Data Card\BSNL 3G.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bsnllive.in/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [Zero-V Virus Shield] "C:\PROGRA~1\NETPRO~1\EMAIL SCAN\EMAILSCN.EXE"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MCtlSuc] C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB8537D3-ACAD-475E-BE79-E9868379D71D}: NameServer = 218.248.240.134 218.248.240.23
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NPLogon - NPlogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NPAV Antivirus Protection (NPVProt) - Biz Secure Labs Pvt Ltd. - C:\Documents and Settings\p\NPProt.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UG Nx 7.0 - Macrovision Corporation - C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
O23 - Service: UG Nx-7.0 - Macrovision Corporation - C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
O23 - Service: Zero-V AntiVirus Protection (ZeroVProtect) - Biz Secure Labs Pvt Ltd. - C:\Program Files\Net Protector 2010\zvscan\ZVMonNT.exe
O23 - Service: Zero-V Registry Monitoring (ZVRegMon) - Message Labs Pvt Ltd. - C:\Program Files\Net Protector 2010\ZVRegMon\ZVRegMon.exe
--
End of file - 5944 bytes
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5981
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
08/03/2011 1:27:52 AM
mbam-log-2011-03-08 (01-27-52).txt
Scan type: Quick scan
Objects scanned: 138372
Time elapsed: 50 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiviruspro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSA.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMSS32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SVCHOSTS.EXE (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\ExecScan.exe "%1" /S) Good: ("%1" /S) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
www.malwarebytes.org
Database version: 5981
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
08/03/2011 1:27:52 AM
mbam-log-2011-03-08 (01-27-52).txt
Scan type: Quick scan
Objects scanned: 138372
Time elapsed: 50 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiviruspro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSA.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMSS32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SVCHOSTS.EXE (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\ExecScan.exe "%1" /S) Good: ("%1" /S) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:30:19 AM, on 08/03/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\p\NPProt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
C:\Program Files\Net Protector 2010\zvscan\ZVMonNT.exe
C:\Program Files\Net Protector 2010\ZVRegMon\ZVRegMon.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\ugslmd.exe
C:\WINDOWS\system32\Rscmpt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NETPRO~1\EMAIL SCAN\EMAILSCN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BSNL 3G Data Card\BSNL 3G.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\NETPRO~1\ZVScan\OSFPopup.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bsnllive.in/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [Zero-V Virus Shield] "C:\PROGRA~1\NETPRO~1\EMAIL SCAN\EMAILSCN.EXE"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MCtlSuc] C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB8537D3-ACAD-475E-BE79-E9868379D71D}: NameServer = 218.248.240.134 218.248.240.23
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NPLogon - NPlogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NPAV Antivirus Protection (NPVProt) - Biz Secure Labs Pvt Ltd. - C:\Documents and Settings\p\NPProt.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UG Nx 7.0 - Macrovision Corporation - C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
O23 - Service: UG Nx-7.0 - Macrovision Corporation - C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
O23 - Service: Zero-V AntiVirus Protection (ZeroVProtect) - Biz Secure Labs Pvt Ltd. - C:\Program Files\Net Protector 2010\zvscan\ZVMonNT.exe
O23 - Service: Zero-V Registry Monitoring (ZVRegMon) - Message Labs Pvt Ltd. - C:\Program Files\Net Protector 2010\ZVRegMon\ZVRegMon.exe
--
End of file - 6083 bytes
Scan saved at 1:30:19 AM, on 08/03/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\p\NPProt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
C:\Program Files\Net Protector 2010\zvscan\ZVMonNT.exe
C:\Program Files\Net Protector 2010\ZVRegMon\ZVRegMon.exe
C:\Program Files\UGS\NX 7.0\UGFLEXLM\ugslmd.exe
C:\WINDOWS\system32\Rscmpt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NETPRO~1\EMAIL SCAN\EMAILSCN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BSNL 3G Data Card\BSNL 3G.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\NETPRO~1\ZVScan\OSFPopup.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bsnllive.in/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [Zero-V Virus Shield] "C:\PROGRA~1\NETPRO~1\EMAIL SCAN\EMAILSCN.EXE"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MCtlSuc] C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB8537D3-ACAD-475E-BE79-E9868379D71D}: NameServer = 218.248.240.134 218.248.240.23
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NPLogon - NPlogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NPAV Antivirus Protection (NPVProt) - Biz Secure Labs Pvt Ltd. - C:\Documents and Settings\p\NPProt.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UG Nx 7.0 - Macrovision Corporation - C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
O23 - Service: UG Nx-7.0 - Macrovision Corporation - C:\Program Files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe
O23 - Service: Zero-V AntiVirus Protection (ZeroVProtect) - Biz Secure Labs Pvt Ltd. - C:\Program Files\Net Protector 2010\zvscan\ZVMonNT.exe
O23 - Service: Zero-V Registry Monitoring (ZVRegMon) - Message Labs Pvt Ltd. - C:\Program Files\Net Protector 2010\ZVRegMon\ZVRegMon.exe
--
End of file - 6083 bytes
I did not rescan the pc with Malwarebyte 
I just clicked remove selected and then run the hijackthis program and posted the log.
Do you still insist that I rescan with malwarebyts which too more than an hour to scan. I can again go through that if needed. whats your opinion ?
Hmm..there seems to be a lag in posting replies. I missed one of your post and thats why I questioned the above querry.
I just clicked remove selected and then run the hijackthis program and posted the log. Do you still insist that I rescan with malwarebyts which too more than an hour to scan. I can again go through that if needed. whats your opinion ?
Hmm..there seems to be a lag in posting replies. I missed one of your post and thats why I questioned the above querry.
Last edited:
You do not need to rerun malwarebytes.
Please do the following so we can run a deeper scan of your system.
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
In your next reply please post:
Please do the following so we can run a deeper scan of your system.
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
- Download this file here :
http://www.bleepingcomputer.com/download/anti-virus/combofix
- Then double click combofix.exe & follow the prompts.
- When finished, it shall produce a log for you. Post that log in your next reply
Combofix should never take more that 20 minutes including the reboot if malware is detected.
In your next reply please post:
- The ComboFix log
- A fresh HiJackThis log
- An update on how your computer is running
No, this just means you are still badly infected. Please download and run the following then run combofix again.
http://download.bleepingcomputer.com/grinler/iExplore.exe
download this file to your desktop and run it. it will take a minute or two to run and it will produce a log when its done. Please copy and paste the log back here and then try running combofix again.
You will have to redownload combofix
http://download.bleepingcomputer.com/grinler/iExplore.exe
download this file to your desktop and run it. it will take a minute or two to run and it will produce a log when its done. Please copy and paste the log back here and then try running combofix again.
You will have to redownload combofix
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 08/03/2011 at 1:57:05.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\p\NPProt.exe
Rkill completed on 08/03/2011 at 1:58:14.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 08/03/2011 at 1:57:05.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\p\NPProt.exe
Rkill completed on 08/03/2011 at 1:58:14.
You need to redownload combofix. The first one you downloaded is already corrupted.