ComboFix 11-03-05.01 - p 08/03/2011 22:03:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.343 [GMT 5.5:30]
Running from: c:\documents and settings\p\My Documents\Downloads\ComboFix.exe
AV: Net Protector 2010 *Disabled/Updated* {5AE99E99-35D6-47B8-87C2-D8A82C07FB43}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Net Protector\Npbkp\e6d35f3aa51a65eb35c1f2340154a25e_54016.npb
c:\windows\system\MFC42D.DLL
c:\windows\system\MSVCRTD.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-02-08 to 2011-03-08 )))))))))))))))))))))))))))))))
.
.
2011-03-01 06:09 . 2011-03-01 06:09 -------- d-----r- C:\MSOCache
2011-02-23 16:03 . 2011-03-07 19:47 -------- d-----r- C:\Program Files
2011-02-23 16:00 . 2011-02-23 10:50 -------- d-----w- C:\Documents and Settings
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-05 16:19 . 2011-03-05 16:19 119808 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
.
[-] 2008-10-21 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"Rscmpt"="c:\windows\system32\Rscmpt.exe" [2002-08-22 481792]
"Zero-V Virus Shield"="c:\progra~1\NETPRO~1\EMAIL SCAN\EMAILSCN.EXE" [2011-03-01 141352]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-03-28 4616192]
"nwiz"="nwiz.exe" [2003-03-28 323584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-05 30192]
"MCtlSuc"="c:\program files\BSNL 3G Data Card\BSNL 3G\Resource\MCtlSuc.exe" [2010-01-13 91136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NPLogon]
2010-09-20 17:37 45056 ----a-w- c:\windows\system32\NPLOGON.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UGS\\NX 7.0\\UGII\\ugraf.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R2 NPVProt;NPAV Antivirus Protection;c:\documents and settings\p\NPProt.exe [23/02/2011 4:43 PM 45056]
R2 UG Nx-7.0;UG Nx-7.0;c:\program files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe [20/07/2009 8:20 AM 1372160]
R2 UG Nx 7.0;UG Nx 7.0;c:\program files\UGS\NX 7.0\UGFLEXLM\lmgrd.exe [20/07/2009 8:20 AM 1372160]
R2 ZVONLINE;ZVONLINE;c:\progra~1\NETPRO~1\zvscan\ZVONLINE.SYS [10/05/2010 6:01 PM 18176]
R2 ZVRegMon;Zero-V Registry Monitoring;c:\program files\Net Protector 2010\ZVRegMon\ZVRegMon.exe [16/07/2010 7:26 PM 73728]
R3 u302bus;HSPADataCard WMC Bus Driver (WDM);c:\windows\system32\drivers\u302bus.sys [30/07/2010 9:23 AM 119112]
R3 u302mdfl;HSPADataCard Modem Filter;c:\windows\system32\drivers\u302mdfl.sys [30/07/2010 9:23 AM 14920]
R3 u302mdm;HSPADataCard Modem Driver;c:\windows\system32\drivers\u302mdm.sys [30/07/2010 9:23 AM 135880]
R3 u302mgmt;HSPADataCard USB Device Management Drivers (WDM);c:\windows\system32\drivers\u302mgmt.sys [30/07/2010 9:23 AM 129992]
S0 jtjqite;jtjqite;c:\windows\system32\drivers\ivdhhva.sys --> c:\windows\system32\drivers\ivdhhva.sys [?]
S2 ZeroVProtect;Zero-V AntiVirus Protection;c:\program files\Net Protector 2010\ZVScan\ZVMonNt.exe [01/06/2010 11:39 AM 208896]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [05/03/2011 9:48 PM 30192]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.bsnllive.in/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\e3t5u5nz.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- File Associations -------
.
batfile=c:\progra~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*
comfile=c:\progra~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*
exefile=c:\progra~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*
piffile=c:\progra~1\NETPRO~1\ZVScan\ExecScan.exe "%1" %*
scrfile=c:\progra~1\NETPRO~1\ZVScan\ExecScan.exe "%1" /S
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-03-08 22:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\NPlogon.dll
.
- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\UGS\NX 7.0\UGFLEXLM\ugslmd.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CNAB4RPK.EXE
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2011-03-08 22:15:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-08 16:45
.
Pre-Run: 14,021,447,680 bytes free
Post-Run: 14,084,980,736 bytes free
.
- - End Of File - - BFE3098628CCE22FFDDD7379C5A330F5