PC Antispyware 2010 & braviax.exe


PC Antispyware 2010 & braviax.exe

Post by afkostp on 17th August 2009, 12:44 pm

Also, it resets when I try to run Dr.Web CureIt.
Thanks in advance.



Malwarebytes' Anti-Malware 1.39
Database version: 2431
Windows 5.1.2600 Service Pack 2

8/17/2009 12:23:56
mbam-log-2009-08-17 (12-23-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 135052
Time elapsed: 18 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\pc_antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
c:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv201250394357.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv631250315064.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Milos\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Re: PC Antispyware 2010 & braviax.exe

Post by Belahzur on 17th August 2009, 1:56 pm

Please update MBAM database and re-run the scan.

Open MBAM and go into the update tab and press check for updates.
Once you have the latest updates, re-run the scan.


Please PM me if I fail to respond within 24hrs.



Re: PC Antispyware 2010 & braviax.exe

Post by afkostp on 18th August 2009, 11:43 am

Malwarebytes' Anti-Malware 1.40
Database version: 2647
Windows 5.1.2600 Service Pack 2

8/18/2009 13:39:37
mbam-log-2009-08-18 (13-39-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 139947
Time elapsed: 28 minute(s), 26 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 4
Files Infected: 27

Memory Processes Infected:
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Start Menu\Programs\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7KCW0Q95\Install[2].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Re: PC Antispyware 2010 & braviax.exe

Post by Belahzur on 18th August 2009, 3:41 pm

Hello.

  • Download combofix from here: [link]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [link] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.





Re: PC Antispyware 2010 & braviax.exe

Post by afkostp on 18th August 2009, 10:02 pm

ComboFix 09-08-10.06 - Milos 08/18/2009 23:54.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.953 [GMT 2:00]
Running from: c:\documents and settings\Milos\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1004336348-790525478-839522115-1003
c:\recycler\S-1-5-21-1004336348-790525478-839522115-1003\desktop.ini
c:\recycler\S-1-5-21-1004336348-790525478-839522115-1003\INFO2
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\wisdstr.exe

c:\windows\system32\drivers\beep.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 11:44 . 2009-08-18 21:45 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-18 10:51 . 2009-08-18 10:51 17112 ----a-w- c:\windows\yjow.reg
2009-08-18 10:51 . 2009-08-18 10:51 15537 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\axamo.dat
2009-08-18 10:51 . 2009-08-18 10:51 19552 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\hoqi.vbs
2009-08-18 10:51 . 2009-08-18 10:51 18468 ----a-w- c:\windows\razy.dat
2009-08-18 10:51 . 2009-08-18 10:51 18283 ----a-w- c:\documents and settings\All Users\Application Data\kewupyru.scr
2009-08-18 10:51 . 2009-08-18 10:51 18184 ----a-w- c:\program files\Common Files\fije.com
2009-08-18 10:51 . 2009-08-18 10:51 15201 ----a-w- c:\program files\Common Files\kolicit.vbs
2009-08-18 10:51 . 2009-08-18 10:51 13143 ----a-w- c:\windows\ruzumokemo.bat
2009-08-18 10:51 . 2009-08-18 10:51 12157 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\dogalojobo.reg
2009-08-18 10:51 . 2009-08-18 10:51 11598 ----a-w- c:\documents and settings\LocalService\Application Data\demoxuky.bat
2009-08-18 10:51 . 2009-08-18 10:51 19772 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ugejiboho.sys
2009-08-18 10:15 . 2009-08-18 10:15 19297 ----a-w- c:\program files\Common Files\nuciwoze.dll
2009-08-18 10:15 . 2009-08-18 10:15 19099 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\wetidemem.vbs
2009-08-18 10:15 . 2009-08-18 10:15 15140 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ifyqez.bin
2009-08-18 10:15 . 2009-08-18 10:15 14233 ----a-w- c:\program files\Common Files\uneb.com
2009-08-18 10:15 . 2009-08-18 10:15 13881 ----a-w- c:\windows\system32\ikolynaky.pif
2009-08-18 10:15 . 2009-08-18 10:15 13131 ----a-w- c:\documents and settings\LocalService\Application Data\kaxixymezo.pif
2009-08-18 10:15 . 2009-08-18 10:15 12194 ----a-w- c:\windows\system32\wewyh.dll
2009-08-18 10:15 . 2009-08-18 10:15 11362 ----a-w- c:\windows\ylego.com
2009-08-18 05:17 . 2009-08-18 05:17 18554 ----a-w- c:\documents and settings\LocalService\Application Data\cihugupaz.exe
2009-08-18 05:17 . 2009-08-18 05:17 18219 ----a-w- c:\documents and settings\All Users\Application Data\lywan.sys
2009-08-18 05:17 . 2009-08-18 05:17 17748 ----a-w- c:\windows\system32\ulunujiji.dll
2009-08-18 05:17 . 2009-08-18 05:17 16136 ----a-w- c:\windows\poloh.dll
2009-08-18 05:17 . 2009-08-18 05:17 15157 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\jagatarece.pif
2009-08-18 05:17 . 2009-08-18 05:17 15121 ----a-w- c:\program files\Common Files\dinywymygi.dll
2009-08-18 05:17 . 2009-08-18 05:17 14978 ----a-w- c:\documents and settings\All Users\Application Data\ijacixeq.sys
2009-08-18 05:17 . 2009-08-18 05:17 13664 ----a-w- c:\windows\copovudiri.dat
2009-08-18 05:17 . 2009-08-18 05:17 13117 ----a-w- c:\program files\Common Files\badory.sys
2009-08-18 05:17 . 2009-08-18 05:17 12758 ----a-w- c:\windows\system32\uhovoheca.sys
2009-08-18 05:17 . 2009-08-18 05:17 10504 ----a-w- c:\windows\wuzufa.sys
2009-08-17 23:15 . 2009-08-17 23:15 19147 ----a-w- c:\windows\exadukytik.sys
2009-08-17 23:15 . 2009-08-17 23:15 18619 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\jyvizul.exe
2009-08-17 23:15 . 2009-08-17 23:15 17154 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\iqevirosa.bin
2009-08-17 23:15 . 2009-08-17 23:15 15073 ----a-w- c:\windows\osipuquv.exe
2009-08-17 23:15 . 2009-08-17 23:15 14742 ----a-w- c:\windows\atedoxa.bin
2009-08-17 23:15 . 2009-08-17 23:15 14657 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\yxap.dat
2009-08-17 23:15 . 2009-08-17 23:15 11907 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\dury.bat
2009-08-17 23:15 . 2009-08-17 23:15 10627 ----a-w- c:\documents and settings\All Users\Application Data\zakusuh.exe
2009-08-17 23:15 . 2009-08-17 23:15 10406 ----a-w- c:\program files\Common Files\anegefiwyv.reg
2009-08-17 23:13 . 2009-08-17 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-17 23:13 . 2009-08-17 23:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 22:22 . 2009-08-17 22:22 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-16 23:48 . 2009-08-16 23:48 19817 ----a-w- c:\documents and settings\LocalService\Application Data\yqufyfaca.dll
2009-08-16 22:55 . 2009-08-16 22:55 -------- d-----w- c:\documents and settings\Milos\Local Settings\Application Data\Opera
2009-08-16 22:55 . 2009-08-16 22:55 -------- d-----w- c:\program files\Opera
2009-08-16 02:17 . 2009-08-16 02:17 19006 ----a-w- c:\windows\qocejeri.pif
2009-08-16 02:17 . 2009-08-16 02:17 18887 ----a-w- c:\documents and settings\All Users\Application Data\emofufaze.sys
2009-08-16 02:17 . 2009-08-16 02:17 16614 ----a-w- c:\program files\Common Files\asim.reg
2009-08-16 02:17 . 2009-08-16 02:17 15304 ----a-w- c:\documents and settings\LocalService\Application Data\vefapeni.exe
2009-08-16 02:17 . 2009-08-16 02:17 13156 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\dytynom.pif
2009-08-16 02:17 . 2009-08-16 02:17 12992 ----a-w- c:\documents and settings\LocalService\Application Data\bikugepa.com
2009-08-16 02:17 . 2009-08-16 02:17 12794 ----a-w- c:\documents and settings\All Users\Application Data\tazofo.com
2009-08-16 02:17 . 2009-08-16 02:17 12122 ----a-w- c:\documents and settings\LocalService\Application Data\depoceker.scr
2009-08-16 02:17 . 2009-08-16 02:17 11989 ----a-w- c:\windows\bafol.exe
2009-08-16 02:17 . 2009-08-16 02:17 11613 ----a-w- c:\program files\Common Files\lulozocoxu.pif
2009-08-16 02:17 . 2009-08-16 02:17 10203 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\azuwany.vbs
2009-08-15 15:05 . 2009-08-15 15:05 619200 -c--a-w- c:\windows\system32\dllcache\ntfs.sys
2009-07-24 00:18 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-24 00:18 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-07-24 00:18 . 2009-08-15 16:01 -------- d-----w- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 11:46 . 2007-11-01 22:36 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000002-80671102}.dat
2009-08-18 11:46 . 2007-11-01 22:36 288 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000008-00001102-00000002-80671102}.dat
2009-08-18 10:51 . 2009-08-18 10:51 15425 ----a-w- c:\documents and settings\All Users\Application Data\cocini.reg
2009-08-18 10:51 . 2009-08-18 10:51 14471 ----a-w- c:\documents and settings\All Users\Application Data\beduk.reg
2009-08-18 10:51 . 2009-08-18 10:51 19870 ----a-w- c:\documents and settings\LocalService\Application Data\zobywub.vbs
2009-08-18 10:15 . 2009-08-18 10:15 16184 ----a-w- c:\documents and settings\LocalService\Application Data\ricak.bin
2009-08-18 05:17 . 2009-08-18 05:17 17142 ----a-w- c:\program files\Common Files\xykukylym.ban
2009-08-18 05:17 . 2009-08-18 05:17 14287 ----a-w- c:\program files\Common Files\elef.inf
2009-08-17 23:15 . 2009-08-17 23:15 19816 ----a-w- c:\program files\Common Files\vetopijun.inf
2009-08-17 23:15 . 2009-08-17 23:15 19690 ----a-w- c:\program files\Common Files\gipumuwyfa.dl
2009-08-17 23:15 . 2009-08-17 23:15 14857 ----a-w- c:\program files\Common Files\amynub.lib
2009-08-17 22:22 . 2009-07-14 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-16 23:48 . 2009-08-16 23:48 19165 ----a-w- c:\program files\Common Files\jixyxa.dll
2009-08-16 20:42 . 2009-05-03 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-16 12:01 . 2007-12-27 02:16 6755 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-08-16 02:17 . 2009-08-16 02:17 19756 ----a-w- c:\program files\Common Files\lediramawo._dl
2009-08-15 15:05 . 2008-12-20 01:54 -------- d-----w- c:\documents and settings\Milos\Application Data\uTorrent
2009-08-15 15:04 . 2002-08-29 02:13 619200 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-03 11:36 . 2009-07-14 21:40 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-07-14 21:40 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 00:29 . 2009-01-12 01:33 -------- d-----w- c:\program files\eMule
2009-07-26 22:56 . 2008-03-11 04:15 -------- d-----w- c:\program files\Zoom Player
2009-07-17 23:09 . 2008-04-18 13:13 -------- d-----w- c:\program files\CDisplay
2009-07-15 22:12 . 2003-12-31 23:19 335 ----a-w- c:\windows\nsreg.dat
2009-07-15 22:12 . 2009-07-15 22:12 4387 ----a-w- c:\windows\mozver.dat
2009-07-15 22:12 . 2009-07-15 22:12 118784 ----a-w- c:\windows\GREUninstall.exe
2009-07-15 02:32 . 2009-07-15 02:32 -------- d-----w- c:\program files\CCleaner
2009-07-14 21:40 . 2009-07-14 21:40 -------- d-----w- c:\documents and settings\Milos\Application Data\Malwarebytes
2009-07-14 21:40 . 2009-07-14 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-09 19:53 . 2008-10-23 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-07-02 20:42 . 2008-02-24 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
.

------- Sigcheck -------

[-] 2002-08-29 01:58 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-03 22:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-03 22:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 22:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys

[-] 2009-08-18 21:45 29184 C4000A48F953D36167A7DF84F98A2634 c:\windows\system32\dllcache\beep.sys

[-] 2002-08-29 02:13 561920 E3AE9C79498210A5F39FE5A9AD62BC55 c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-03 22:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-15 15:05 619200 86D41C8304C78627FE1D582D88CD388A c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-15 15:04 619200 5D407322AA69AC6E7B17C81B48DEB327 c:\windows\system32\drivers\ntfs.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-03 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-05-02 323584]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-09 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-05-02 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-6 113664]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [4/23/2007 13:03 82200]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [3/11/2008 16:44 33824]
S2 gupdate1c9cbde9e708fc8;Google Update Service (gupdate1c9cbde9e708fc8);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 13:02 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 19:31 42000]
S3 Osellhscc;Osellhscc; [x]
.

================>


Re: PC Antispyware 2010 & braviax.exe

Post by afkostp on 18th August 2009, 10:03 pm

============>


Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2009-08-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 11:00]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 11:02]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 11:02]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 162.114.40.34:80
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Milos\Application Data\Mozilla\Firefox\Profiles\7dd5xq4y.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-18 23:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.viropen.Co [1748] 0x89E03800

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-18 23:58
ComboFix-quarantined-files.txt 2009-08-18 21:58

Pre-Run: 23,524,073,472 bytes free
Post-Run: 23,546,171,392 bytes free

263

afkostp
Novice
Posts : 8
Joined : 2009-08-17
OS : XP Service Pack 2
Points : 26720
# Likes : 0


Re: PC Antispyware 2010 & braviax.exe

Post by afkostp on 18th August 2009, 10:05 pm

+ currently I'm having a Windows File Protection message:

You chose not to restore the original versions of the files. This may affect Windows stability. Are you sure you want to keep these unrecognised file versions?


Thanks

afkostp
Novice
Posts : 8
Joined : 2009-08-17
OS : XP Service Pack 2
Points : 26720
# Likes : 0


Re: PC Antispyware 2010 & braviax.exe

Post by Belahzur on 19th August 2009, 12:12 am

I suggest you copy these instructions into a notepad file, because we need to use safe mode and you won't have internet access to read from here.

Download [You must be registered and logged in to see this link.] and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1


Re: PC Antispyware 2010 & braviax.exe

Post by afkostp on 19th August 2009, 2:46 am

SDFix: Version 1.240
Run by Milos on Wed 08/19/2009 at 04:31

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Infected beep.sys Found!

beep.sys File Locations:

"C:\WINDOWS\system32\dllcache\beep.sys" 29184 08/18/2009 23:45

Infected File Listed Below:

C:\WINDOWS\system32\dllcache\beep.sys

File copied to Backups Folder
Attempting to replace beep.sys with original version


Original beep.sys Restored

"C:\WINDOWS\system32\dllcache\beep.sys" 4224 08/07/2008 15:27
"C:\WINDOWS\system32\drivers\beep.sys" 4224 08/07/2008 15:27



Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Documents\xelotife.scr - Deleted
C:\Program Files\Common Files\nofyfifyj.scr - Deleted
C:\Program Files\Common Files\qohazyvil.scr - Deleted
C:\WINDOWS\mibi._sy - Deleted
C:\WINDOWS\novov._sy - Deleted
C:\WINDOWS\system32\bilohub._sy - Deleted
C:\WINDOWS\system32\nomy._sy - Deleted
C:\WINDOWS\system32\uxetojydu._sy - Deleted
C:\WINDOWS\system32\vakotega._sy - Deleted
C:\WINDOWS\system32\ypuwexuj._sy - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-19 04:38:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 4 Aug 2004 1,667,584 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 28 Jul 2009 1,548,120 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 10 Apr 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 15 Oct 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
Wed 19 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

afkostp
Novice
Posts : 8
Joined : 2009-08-17
OS : XP Service Pack 2
Points : 26720
# Likes : 0


Re: PC Antispyware 2010 & braviax.exe

Post by Belahzur on 19th August 2009, 7:35 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt just yet.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1


Re: PC Antispyware 2010 & braviax.exe

Post by afkostp on 19th August 2009, 9:29 pm

DDS (Ver_09-07-30.01) - NTFSx86
Run by Milos at 23:26:54.26 on Wed 08/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.865 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Milos\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 162.114.40.34:80
mSearchAssistant = [You must be registered and logged in to see this link.]
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRun: [braviax]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {31435657-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\milos\applic~1\mozilla\firefox\profiles\7dd5xq4y.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlc\npvlc.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

=================>

afkostp
Novice
Posts : 8
Joined : 2009-08-17
OS : XP Service Pack 2
Points : 26720
# Likes : 0


Re: PC Antispyware 2010 & braviax.exe

Post by afkostp on 19th August 2009, 9:29 pm

============= SERVICES / DRIVERS ===============

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2008-3-11 33824]
S2 gupdate1c9cbde9e708fc8;Google Update Service (gupdate1c9cbde9e708fc8);c:\program files\google\update\GoogleUpdate.exe [2009-5-3 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 Osellhscc;Osellhscc; [x]

=============== Created Last 30 ================

2009-08-19 23:25 29,184 ac------ c:\windows\system32\dllcache\figaro.sys
2009-08-19 23:23 17,635 a------- c:\windows\zohaza._dl
2009-08-19 23:23 15,271 a------- c:\windows\ytikew.ban
2009-08-19 23:23 12,416 a------- c:\windows\sazokymuqi.db
2009-08-19 23:23 19,457 a------- c:\windows\system32\xofawaj.dl
2009-08-19 23:23 19,439 a------- c:\windows\system32\ofyzi.dll
2009-08-19 23:23 17,860 a------- c:\docume~1\alluse~1\applic~1\dycix.dat
2009-08-19 23:23 17,849 a------- c:\windows\ujaqikuqi.dll
2009-08-19 23:23 17,642 a------- c:\windows\pylig.dll
2009-08-19 23:23 17,222 a------- c:\windows\system32\uveh._sy
2009-08-19 23:23 14,577 a------- c:\docume~1\milos\applic~1\toxar.vbs
2009-08-19 23:23 14,347 a------- c:\windows\alejese.ban
2009-08-19 23:23 13,743 a------- c:\docume~1\milos\applic~1\ojuheri.com
2009-08-19 23:23 13,407 a------- c:\windows\system32\owenyty.reg
2009-08-19 23:23 13,302 a------- c:\windows\yrukyb.vbs
2009-08-19 23:23 11,225 a------- c:\windows\ikurobygyx.bin
2009-08-19 12:25 19,249 a------- c:\windows\qanocev.inf
2009-08-19 12:25 19,186 a------- c:\windows\wucygutyz.lib
2009-08-19 12:25 16,260 a------- c:\docume~1\alluse~1\applic~1\susaqitiho.exe
2009-08-19 12:25 11,736 a------- c:\windows\ruxykovy.com
2009-08-19 12:25 19,974 a------- c:\windows\sasecykyh.dat
2009-08-19 12:25 19,002 a------- c:\windows\system32\gojefulaja.db
2009-08-19 12:25 18,124 a------- c:\program files\common files\evixegyre.exe
2009-08-19 12:25 17,961 a------- c:\windows\javyzy.bat
2009-08-19 12:25 10,589 a------- c:\docume~1\alluse~1\applic~1\linar.reg
2009-08-19 12:25 10,243 a------- c:\windows\ojobu.vbs
2009-08-19 12:25 10,145 a------- c:\windows\system32\maba.inf
2009-08-19 12:25 348,123 a------- c:\windows\system32\_scui.cpl
2009-08-19 12:25 --d----- c:\program files\PC_Antispyware2010
2009-08-19 04:44 11,264 a------- c:\windows\braviax.exe
2009-08-19 04:44 6,144 a------- c:\windows\system32\cru629.dat
2009-08-19 04:44 6,144 a------- c:\windows\cru629.dat
2009-08-19 04:39 190,539 a------- c:\windows\system32\wisdstr.exe
2009-08-19 04:39 11,264 a------- c:\windows\system32\braviax.exe
2009-08-19 04:30 29,184 ac------ c:\windows\system32\dllcache\beep.sys
2009-08-19 04:30 29,184 a------- c:\windows\system32\drivers\beep.sys
2009-08-19 04:30 577,024 ac------ c:\windows\system32\dllcache\user32.dll
2009-08-19 04:30 --d----- c:\windows\ERUNT
2009-08-19 04:27 --d----- C:\SDFix
2009-08-18 23:56 -cd----- c:\windows\system32\dllcache\cache
2009-08-18 23:53 216,064 a------- c:\windows\PEV.exe
2009-08-18 23:53 161,792 a------- c:\windows\SWREG.exe
2009-08-18 23:53 98,816 a------- c:\windows\sed.exe
2009-08-18 23:53 --ds---- C:\Combo-Fix
2009-08-18 12:51 17,112 a------- c:\windows\yjow.reg
2009-08-18 12:51 15,425 a------- c:\docume~1\alluse~1\applic~1\cocini.reg
2009-08-18 12:51 19,014 a------- c:\windows\zuluna.ban
2009-08-18 12:51 18,468 a------- c:\windows\razy.dat
2009-08-18 12:51 18,283 a------- c:\docume~1\alluse~1\applic~1\kewupyru.scr
2009-08-18 12:51 18,184 a------- c:\program files\common files\fije.com
2009-08-18 12:51 15,201 a------- c:\program files\common files\kolicit.vbs
2009-08-18 12:51 14,772 a------- c:\windows\xezux.dl
2009-08-18 12:51 14,471 a------- c:\docume~1\alluse~1\applic~1\beduk.reg
2009-08-18 12:51 13,143 a------- c:\windows\ruzumokemo.bat
2009-08-18 12:51 10,921 a------- c:\windows\system32\cuxawusi._dl
2009-08-18 12:51 15,645 a------- c:\windows\ezekybuh.ban
2009-08-18 12:15 19,297 a------- c:\program files\common files\nuciwoze.dll
2009-08-18 12:15 16,765 a------- c:\windows\ybevolujaf.dl
2009-08-18 12:15 16,247 a------- c:\windows\epyk.inf
2009-08-18 12:15 14,233 a------- c:\program files\common files\uneb.com
2009-08-18 12:15 13,881 a------- c:\windows\system32\ikolynaky.pif
2009-08-18 12:15 12,194 a------- c:\windows\system32\wewyh.dll
2009-08-18 12:15 11,362 a------- c:\windows\ylego.com
2009-08-18 07:17 18,219 a------- c:\docume~1\alluse~1\applic~1\lywan.sys
2009-08-18 07:17 17,748 a------- c:\windows\system32\ulunujiji.dll
2009-08-18 07:17 16,136 a------- c:\windows\poloh.dll
2009-08-18 07:17 15,121 a------- c:\program files\common files\dinywymygi.dll
2009-08-18 07:17 14,978 a------- c:\docume~1\alluse~1\applic~1\ijacixeq.sys
2009-08-18 07:17 13,664 a------- c:\windows\copovudiri.dat
2009-08-18 07:17 13,117 a------- c:\program files\common files\badory.sys
2009-08-18 07:17 12,758 a------- c:\windows\system32\uhovoheca.sys
2009-08-18 07:17 10,504 a------- c:\windows\wuzufa.sys
2009-08-18 01:15 19,147 a------- c:\windows\exadukytik.sys
2009-08-18 01:15 19,112 a------- c:\windows\remujif.ban
2009-08-18 01:15 15,073 a------- c:\windows\osipuquv.exe
2009-08-18 01:15 14,742 a------- c:\windows\atedoxa.bin
2009-08-18 01:15 12,226 a------- c:\windows\system32\ryzovoqiry.dl
2009-08-18 01:15 10,627 a------- c:\docume~1\alluse~1\applic~1\zakusuh.exe
2009-08-18 01:15 10,406 a------- c:\windows\ejuv.db
2009-08-18 01:15 10,406 a------- c:\program files\common files\anegefiwyv.reg
2009-08-18 01:13 --d----- c:\program files\Spybot - Search & Destroy
2009-08-18 01:13 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-17 05:04 19,287 a------- c:\windows\idide.bin
2009-08-17 05:04 17,662 a------- c:\docume~1\alluse~1\applic~1\arezem.pif
2009-08-17 05:04 16,897 a------- c:\docume~1\alluse~1\applic~1\yquv.reg
2009-08-17 05:04 16,560 a------- c:\program files\common files\agaluqofa.sys
2009-08-17 05:04 15,695 a------- c:\windows\ybuny._dl
2009-08-17 05:04 15,084 a------- c:\windows\cyvefocax.reg
2009-08-17 05:04 13,847 a------- c:\docume~1\alluse~1\applic~1\lutugulozu.pif
2009-08-17 05:04 12,858 a------- c:\windows\system32\icybesej.scr
2009-08-17 05:04 12,243 a------- c:\windows\system32\zagom.dat
2009-08-17 05:04 11,743 a------- c:\docume~1\alluse~1\applic~1\qawida.reg
2009-08-17 05:04 10,545 a------- c:\windows\system32\tudusaz.db
2009-08-17 01:48 19,315 a------- c:\windows\fofycobi._dl
2009-08-17 01:48 19,165 a------- c:\program files\common files\jixyxa.dll
2009-08-17 01:48 17,547 a------- c:\docume~1\alluse~1\applic~1\punupakewo.com
2009-08-17 01:48 17,467 a------- c:\docume~1\alluse~1\applic~1\owurotadob.bat
2009-08-17 01:48 15,235 a------- c:\program files\common files\upusubez.bin
2009-08-17 01:48 14,730 a------- c:\windows\system32\kuvuvabe.ban
2009-08-17 01:48 13,814 a------- c:\windows\juzi.reg
2009-08-17 01:48 13,376 a------- c:\program files\common files\ywekyv.com
2009-08-17 01:48 12,783 a------- c:\program files\common files\oruwugupu.com
2009-08-17 01:48 12,263 a------- c:\windows\suhacy.vbs
2009-08-17 01:48 12,135 a------- c:\windows\system32\uxipoj._dl
2009-08-17 01:48 10,657 a------- c:\docume~1\alluse~1\applic~1\zafibefif.reg
2009-08-17 01:48 10,444 a------- c:\windows\izijifo.db
2009-08-16 14:39 3,382,339 a------- c:\windows\{00000001-00000000-00000008-00001102-00000002-80671102}.BAK
2009-08-16 04:17 19,685 a------- c:\windows\ehamezujur.ban
2009-08-16 04:17 19,006 a------- c:\windows\qocejeri.pif
2009-08-16 04:17 18,887 a------- c:\docume~1\alluse~1\applic~1\emofufaze.sys
2009-08-16 04:17 18,196 a------- c:\windows\system32\amagazeta._dl
2009-08-16 04:17 16,614 a------- c:\program files\common files\asim.reg
2009-08-16 04:17 12,794 a------- c:\docume~1\alluse~1\applic~1\tazofo.com
2009-08-16 04:17 11,989 a------- c:\windows\bafol.exe
2009-08-16 04:17 11,613 a------- c:\program files\common files\lulozocoxu.pif
2009-08-15 17:05 619,200 ac------ c:\windows\system32\dllcache\ntfs.sys
2009-07-24 02:18 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-07-24 02:18 499,712 a------- c:\windows\system32\MSVCP71.dll

==================== Find3M ====================

2009-08-19 23:23 19,416 a------- c:\program files\common files\odyh.dl
2009-08-19 23:23 12,336 a------- c:\program files\common files\ipolazames.inf
2009-08-19 12:25 18,952 a------- c:\program files\common files\exypigu.db
2009-08-19 12:25 10,531 a------- c:\program files\common files\hyjanip._sy
2009-08-18 07:17 17,142 a------- c:\program files\common files\xykukylym.ban
2009-08-18 07:17 14,287 a------- c:\program files\common files\elef.inf
2009-08-18 01:15 19,816 a------- c:\program files\common files\vetopijun.inf
2009-08-18 01:15 19,690 a------- c:\program files\common files\gipumuwyfa.dl
2009-08-18 01:15 14,857 a------- c:\program files\common files\amynub.lib
2009-08-17 01:48 17,160 a------- c:\program files\common files\edafigew.lib
2009-08-17 01:48 15,596 a------- c:\program files\common files\ehote.lib
2009-08-16 14:01 6,755 a------- c:\windows\system32\drivers\fwdrv.err
2009-08-16 04:17 19,756 a------- c:\program files\common files\lediramawo._dl
2009-08-15 17:04 619,200 a------- c:\windows\system32\drivers\ntfs.sys
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-16 00:12 4,387 a------- c:\windows\mozver.dat
2009-07-16 00:12 118,784 a------- c:\windows\GREUninstall.exe

============= FINISH: 23:27:15.81 ===============

afkostp
Novice
Posts : 8
Joined : 2009-08-17
OS : XP Service Pack 2
Points : 26720
# Likes : 0

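A responder reading the DDS "Created Last 30" listing above does the triage by eye: group the entries by minute, notice the runs of randomly named files landing in c:\windows, system32 and Common Files within the same minute, and note the writes into the Windows File Protection dllcache. The following Python is an added example, not part of the thread and not something the DDS tool does; it parses that line format and scores each file on those signals. The scoring weights, the set of "odd" extensions, the sensitive-directory list and the burst threshold are heuristic assumptions of this script; the sample lines are excerpted from the log posted above.

```python
import ntpath
import re
from collections import Counter

# One line of the DDS "Created Last 30" / "Find3M" sections:
#   <date> <time> [<size>] <8 attribute flags> <path>
# Directory entries carry a 'd' flag and no size.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?:(?P<size>[\d,]+)\s+)?(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)

# Heuristic knobs (assumptions of this script, nothing DDS defines):
ODD_EXTS = {".ban", ".dl", "._dl", "._sy", ".db", ".bin", ".lib", ".pif"}  # not used by Windows components
SENSITIVE_DIRS = ("c:\\windows\\", "c:\\program files\\common files\\")
BURST_MIN = 3      # files created within the same minute
FLAG_SCORE = 3     # total score at which a file becomes a review candidate

# Sample lines excerpted from the DDS log above; two directory entries and a few
# legitimate tool/runtime files are kept so the heuristics can be seen passing them.
SAMPLE_LOG = r"""
2009-08-19 23:25 29,184 ac------ c:\windows\system32\dllcache\figaro.sys
2009-08-19 23:23 17,635 a------- c:\windows\zohaza._dl
2009-08-19 23:23 15,271 a------- c:\windows\ytikew.ban
2009-08-19 23:23 12,416 a------- c:\windows\sazokymuqi.db
2009-08-19 23:23 19,457 a------- c:\windows\system32\xofawaj.dl
2009-08-19 23:23 14,577 a------- c:\docume~1\milos\applic~1\toxar.vbs
2009-08-19 04:44 11,264 a------- c:\windows\braviax.exe
2009-08-19 04:44 6,144 a------- c:\windows\system32\cru629.dat
2009-08-19 04:44 6,144 a------- c:\windows\cru629.dat
2009-08-19 04:30 29,184 ac------ c:\windows\system32\dllcache\beep.sys
2009-08-19 04:30 29,184 a------- c:\windows\system32\drivers\beep.sys
2009-08-19 04:30 577,024 ac------ c:\windows\system32\dllcache\user32.dll
2009-08-19 04:30 --d----- c:\windows\ERUNT
2009-08-19 04:27 --d----- C:\SDFix
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-24 02:18 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-07-24 02:18 499,712 a------- c:\windows\system32\MSVCP71.dll
"""


def parse_created_section(text):
    """Turn the DDS lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "minute": f"{m.group('date')} {m.group('time')}",
            "size": int(size.replace(",", "")) if size else None,
            "is_dir": "d" in m.group("attrs"),
            "path": m.group("path"),
        })
    return entries


def in_sensitive_dir(path_lower):
    return path_lower.startswith(SENSITIVE_DIRS) or "\\applic~1\\" in path_lower \
        or "\\application data\\" in path_lower


def looks_random(name):
    """Dropper-style names: 4 to 10 lowercase letters, no digits, no words we can check offline."""
    stem, _ext = ntpath.splitext(name)
    return re.fullmatch(r"[a-z]{4,10}", stem) is not None


def bursts(entries):
    """Minutes in which at least BURST_MIN files (not directories) were created."""
    counts = Counter(e["minute"] for e in entries if not e["is_dir"])
    return {minute: n for minute, n in counts.items() if n >= BURST_MIN}


def score_entry(entry, burst_minutes):
    """Score one file; returns (score, reasons)."""
    name = ntpath.basename(entry["path"])
    ext = ntpath.splitext(name)[1].lower()
    path = entry["path"].lower()
    score, reasons = 0, []
    if ext in ODD_EXTS:
        score += 2; reasons.append("odd extension")
    if looks_random(name):
        score += 1; reasons.append("random-looking name")
    if in_sensitive_dir(path):
        score += 1; reasons.append("system or shared directory")
    if "\\dllcache\\" in path:
        score += 1; reasons.append("written to WFP dllcache")
    if entry["minute"] in burst_minutes:
        score += 1; reasons.append(f"part of burst at {entry['minute']}")
    return score, reasons


def triage(text):
    """Return [(path, score, reasons)] for every file reaching FLAG_SCORE."""
    entries = parse_created_section(text)
    burst_minutes = bursts(entries)
    hits = []
    for e in entries:
        if e["is_dir"]:
            continue
        score, reasons = score_entry(e, burst_minutes)
        if score >= FLAG_SCORE:
            hits.append((e["path"], score, reasons))
    return hits


if __name__ == "__main__":
    for path, score, reasons in triage(SAMPLE_LOG):
        print(f"{score} {path}  [{', '.join(reasons)}]")
```

Hits are review candidates, not verdicts: in the sample, user32.dll in dllcache scores the same as the dropped figaro.sys, and the two cru629.dat copies (the AppInit_DLLs entry in the same log) fall below the threshold because their names contain digits. Only a hash or signature comparison against a known-good copy settles each case, which is exactly the check SDFix applied when it replaced the 29,184-byte beep.sys with the 4,224-byte original.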

Re: PC Antispyware 2010 & braviax.exe

Post by Belahzur on 20th August 2009, 12:28 am

Hello.
I think it's time to draw the line here; this machine is very badly damaged. Even the patched file we fixed has been re-patched AGAIN!

I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files, and therefore the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or a destructive recovery if you have an OEM recovery partition, is the best way to clean the infection, and it is the best and safest way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software) or screensavers (*.scr). It attempts to infect any accessed .exe or .scr file by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


For more information, please see [You must be registered and logged in to see this link.]

Instructions on how to format and reinstall Windows can be found [You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

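The backup rule in the post above (copy data only, never .exe or .scr, and not archives that hold them) is easy to get wrong by hand when a profile holds years of downloads. The following Python is an added example, not something from the thread or from any tool mentioned in it. It walks a source tree, classifies every file by that rule, looks inside .zip members with the standard library, refuses .cab and .rar outright because this script has no reader for them offline (an assumption of the script, not advice from the post), sets aside the htm/html/asp/php types the post says recent variants modify for manual review, and copies only the "copy" set to a fresh destination. The sample tree it builds is constructed for the dry run and contains nothing from the thread.

```python
import shutil
import tempfile
import zipfile
from pathlib import Path

# Types the post says must never be carried over: Virut appends itself to
# executables and screensavers, including ones packed inside archives.
INFECTABLE_EXTS = {".exe", ".scr"}
ARCHIVE_EXTS = {".zip", ".cab", ".rar"}
# Types recent variants modify; these go to a manual review pile, not the automatic copy.
REVIEW_EXTS = {".htm", ".html", ".asp", ".php"}


def zip_holds_infectable(path):
    """True if any member of a .zip carries an infectable extension.
    Nested archives are not opened; an unreadable zip is treated as unsafe."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(Path(name).suffix.lower() in INFECTABLE_EXTS for name in zf.namelist())
    except zipfile.BadZipFile:
        return True


def classify(path):
    """Return (verdict, reason) for one file: 'copy', 'skip' or 'review'."""
    ext = path.suffix.lower()
    if ext in INFECTABLE_EXTS:
        return "skip", "executable or screensaver"
    if ext == ".zip":
        if zip_holds_infectable(path):
            return "skip", "archive holds .exe/.scr"
        return "copy", "archive without executables"
    if ext in ARCHIVE_EXTS:
        # Assumption of this script: no cab/rar reader is available offline,
        # so an archive that cannot be inspected is not copied.
        return "skip", "archive cannot be inspected"
    if ext in REVIEW_EXTS:
        return "review", "web file type recent variants modify"
    return "copy", "data file"


def plan_backup(root):
    """Classify every regular file under root; paths are reported relative to root."""
    root = Path(root)
    plan = {"copy": [], "skip": [], "review": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            verdict, _reason = classify(p)
            plan[verdict].append(p.relative_to(root).as_posix())
    return plan


def copy_selected(root, dest=None):
    """Copy only the 'copy' set into dest (a fresh temp dir if none is given)."""
    root = Path(root)
    dest = Path(dest) if dest else Path(tempfile.mkdtemp(prefix="clean_backup_"))
    plan = plan_backup(root)
    for rel in plan["copy"]:
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(root / rel, target)
    return dest, plan


def list_tree(root):
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())


def make_sample_tree():
    """Constructed sample profile (not taken from the thread) for a dry run."""
    root = Path(tempfile.mkdtemp(prefix="virut_profile_"))
    for sub in ("docs", "photos", "tools", "site"):
        (root / sub).mkdir()
    (root / "docs" / "thesis.doc").write_bytes(b"doc")
    (root / "photos" / "cat.jpg").write_bytes(b"jpg")
    (root / "tools" / "setup.exe").write_bytes(b"MZ")
    (root / "pretty.scr").write_bytes(b"MZ")
    (root / "site" / "index.html").write_text("<html></html>")
    (root / "old.rar").write_bytes(b"Rar!")
    with zipfile.ZipFile(root / "notes.zip", "w") as zf:
        zf.writestr("notes.txt", "plain text")
    with zipfile.ZipFile(root / "mixed.zip", "w") as zf:
        zf.writestr("readme.txt", "x")
        zf.writestr("bin/tool.exe", "MZ")
    return root


if __name__ == "__main__":
    src = make_sample_tree()
    dest, plan = copy_selected(src)
    for verdict, files in plan.items():
        print(verdict, files)
    print("copied to", dest)
```

Run it against the real profile only from a clean machine or a boot environment, with the destination being the empty external drive or burn staging folder the post describes; the "skip" list is worth keeping as a record of what was left behind, since those programs have to be reinstalled from original media after the rebuild.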
