Author Topic: braviax.exe--Something's gone wrong again  (Read 29243 times)


heinleineken

  • Guest
Re: braviax.exe--Something's gone wrong again
« Reply #30 on: February 20, 2008, 07:33:16 PM »
On-access scanner just found these two again (Win32:JunkPoly[cryp], Win32:Agent-QLO [trj])

at these locations:

C:\WINDOWS\TEMP\NT439C932.exe

C:\WINDOWS\TEMP\NT43B1632.exe


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: braviax.exe--Something's gone wrong again
« Reply #31 on: February 20, 2008, 07:44:51 PM »
Nope, not then - but now, as with the recovery console installed, changes can safely be made to that area of your registry.

Re-run combofix. I will give the full spiel again 

Please download ComboFix from Here or Here to your Desktop.

**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    -----------------------------------------------------------
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you. 
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

heinleineken

Re: braviax.exe--Something's gone wrong again
« Reply #32 on: February 20, 2008, 08:12:40 PM »
combofix .txt

ComboFix 08-02-20.2 - Default 2008-02-21 20:04:09.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1080 [GMT 1:00]
Running from: C:\Documents and Settings\Default\Desktop\ComboFix(2).exe
 * Created a new restore point
.


Offline essexboy

Re: braviax.exe--Something's gone wrong again
« Reply #33 on: February 20, 2008, 08:14:18 PM »
Hi heinleineken, is that all for the combofix log?

heinleineken

Re: braviax.exe--Something's gone wrong again
« Reply #34 on: February 20, 2008, 08:59:12 PM »
that's all for the combofix log.....
the hijack this follows below

Logfile of HijackThis v1.99.1
Scan saved at 20:13, on 2008-02-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Jenn Kirklys\Desktop\security\HijackThis.exe

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Trust\CnxDslTb.exe
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix(2)\Combobatch.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Offline essexboy

Re: braviax.exe--Something's gone wrong again
« Reply #35 on: February 20, 2008, 09:22:52 PM »
Did combofix ask for a reboot? If not, could you reboot and see if there is a new text file for Combofix at c:\Combofix.txt? The reason I say this is:

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix(2)\Combobatch.bat
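
The check made by eye in the reply above (spotting a Run entry that starts a batch file at the next boot), written out as an added example that is not part of the original thread and not code from HijackThis or ComboFix. The sample lines are excerpted from the log posted in this thread; the function names, the regexes and the two finding labels are assumptions of this example.

```python
import re
from typing import NamedTuple

# Lines excerpted from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix(2)\Combobatch.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

class Autostart(NamedTuple):
    section: str        # HijackThis section code: "O4" or "O23"
    name: str           # Run value name or service display name
    image: str          # program that gets started
    args: str           # rest of the command line, may be empty
    file_missing: bool  # HijackThis appended "(file missing)"

# Registry Run-style entries only; "O4 - Global Startup" lines are skipped.
RUN_RE = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
SVC_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.+)$')
# Unquoted paths may contain spaces, so cut at the first executable extension.
CMD_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s+(.*))?$', re.I)
SCRIPT_RE = re.compile(r'\.(?:bat|cmd|vbs|js)\b', re.I)
MISSING = "(file missing)"

def split_command(cmd):
    """Split a logged command line into (image path, arguments)."""
    m = CMD_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""
    return m.group(1), m.group(2) or ""

def parse(log):
    """Turn O4 registry Run lines and O23 service lines into Autostart records."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        missing = line.endswith(MISSING)
        if missing:
            line = line[:-len(MISSING)].rstrip()
        m = RUN_RE.match(line)
        if m:
            image, args = split_command(m.group(4))
            entries.append(Autostart("O4", m.group(3), image, args, missing))
            continue
        m = SVC_RE.match(line)
        if m:
            image, args = split_command(m.group(3))
            entries.append(Autostart("O23", m.group(1), image, args, missing))
    return entries

def triage(entries):
    """Return (name, reason) pairs for entries worth a second look."""
    findings = []
    for e in entries:
        # A Run entry whose arguments name a script runs that script at next logon.
        if e.section == "O4" and SCRIPT_RE.search(e.args):
            findings.append((e.name, "run-entry-launches-script"))
        if e.file_missing:
            findings.append((e.name, "target-file-missing"))
    return findings

if __name__ == "__main__":
    for name, reason in triage(parse(SAMPLE_LOG)):
        print(f"{reason}: {name}")
```
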

heinleineken

Re: braviax.exe--Something's gone wrong again
« Reply #36 on: February 20, 2008, 09:30:21 PM »
c:\combofix is an empty folder (after drag/drop of SP2 boot disks)
c:\combofix(2).txt is as posted, I'll reboot and post results

heinleineken

Re: braviax.exe--Something's gone wrong again
« Reply #37 on: February 20, 2008, 09:38:59 PM »
after reboot no change in either combofix. 
more weird news though--on reboot it restarted as if there are two OS present, I only saw Windows XP before it immediately auto-cycled to boot

Offline essexboy

Re: braviax.exe--Something's gone wrong again
« Reply #38 on: February 20, 2008, 09:43:10 PM »
That will be because the recovery console is now installed. I will show you how to fix that annoyance later.

Could you please re-run combofix again, as I wish to see if it has cured that registry problem.

heinleineken

Re: braviax.exe--Something's gone wrong again
« Reply #39 on: February 20, 2008, 09:51:20 PM »
combofix logfile


ComboFix 08-02-20.2 - Default 2008-02-21 21:45:43.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1135 [GMT 1:00]
Running from: C:\Documents and Settings\Default\Desktop\ComboFix(2).exe
.
The following files were disabled during the run:
C:\Program Files\TrojanHunter 3.8\THSec.dll


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\basekwgb32.dll

.
(((((((((((((((((((((((((   Files Created from 2008-01-21 to 2008-02-21  )))))))))))))))))))))))))))))))
.

2008-02-21 21:45 . 2008-02-21 21:48   <DIR>   d--------   C:\ComboFix(2)
2008-02-21 19:23 . 2004-08-03 23:00   260,272   --a------   C:\cmldr
2008-02-21 19:23 . 2007-10-11 00:53   211   --a------   C:\Boot.bak
2008-02-19 20:19 . 2008-02-19 20:19   <DIR>   d--------   C:\_OTMoveIt
2008-02-19 13:01 .    1,609,617,408      C:\hiberfil.sys
2008-02-19 00:56 . 2008-02-19 00:56   <DIR>   d--------   C:\Deckard
2008-02-19 00:28 . 2008-02-21 21:34   8   --a------   C:\WINDOWS\system32\ANIWZCSUSERNAME{70FFC40F-D921-47DD-B630-2E3571DE784A}
2008-02-18 16:59 . 2008-02-18 16:59   <DIR>   d--h-----   C:\WINDOWS\PIF
2008-02-18 16:19 . 2008-02-21 21:45   <DIR>   d--------   C:\Program Files\TrojanHunter 3.8
2008-02-18 15:49 . 2008-02-18 23:55   7   --a------   C:\WINDOWS\system32\ANIWZCSUSERNAME{13D04E61-604B-42AB-8CD4-F42619B2871C}
2008-02-18 13:13 . 2008-02-18 13:13   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-02-18 13:11 . 2008-02-18 13:09   691,545   --a------   C:\WINDOWS\unins000.exe
2008-02-18 13:11 . 2008-02-18 13:11   3,444   --a------   C:\WINDOWS\unins000.dat
2008-02-18 13:00 . 2008-02-18 13:14   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 12:03 . 2008-02-21 21:34   7   --a------   C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-02-17 20:09 . 2006-12-22 18:44   245,760   --a------   C:\WINDOWS\system32\wnicapi.dll
2008-02-17 20:09 . 2008-02-19 00:23   8   --a------   C:\WINDOWS\system32\ANIWZCSUSERNAME{389EED01-65D4-49FA-A958-02D583D150F9}
2008-02-17 20:08 . 2006-04-06 13:15   8,192   -ra------   C:\WINDOWS\system32\drivers\rt2661.bin
2008-02-17 20:08 . 2006-04-06 13:15   8,192   -ra------   C:\WINDOWS\system32\drivers\rt2561s.bin
2008-02-17 20:08 . 2006-04-06 13:15   8,192   -ra------   C:\WINDOWS\system32\drivers\rt2561.bin
2008-02-17 20:08 . 2006-04-06 13:15   8,192   -ra------   C:\WINDOWS\system\rt2661.bin
2008-02-17 20:08 . 2006-04-06 13:15   8,192   -ra------   C:\WINDOWS\system\rt2561s.bin
2008-02-17 20:08 . 2006-04-06 13:15   8,192   -ra------   C:\WINDOWS\system\rt2561.bin
2008-02-17 20:08 . 2005-11-16 02:21   2,048   --a------   C:\WINDOWS\system\rt73.bin
2008-02-16 17:05 . 2008-02-16 18:40   <DIR>   d--------   C:\Program Files\Soulseek
2008-02-15 11:31 . 2008-02-15 11:31   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-02-15 11:31 . 2008-02-15 11:31   1,409   --a------   C:\WINDOWS\QTFont.for
2008-02-04 12:36 . 2008-02-04 12:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-02 20:45 . 2008-02-02 20:52   <DIR>   d--------   C:\Program Files\RCrawler
2008-01-28 11:57 . 2008-01-28 11:57   <DIR>   d--------   C:\Documents and Settings\Default\Application Data\Nero
2008-01-28 11:54 . 2008-01-28 11:54   <DIR>   d--------   C:\Program Files\Nero
2008-01-28 11:54 . 2008-01-28 11:56   <DIR>   d--------   C:\Program Files\Common Files\Nero
2008-01-28 11:54 . 2008-01-28 11:54   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Nero
2008-01-28 11:52 . 2006-03-31 12:40   2,388,176   --a------   C:\WINDOWS\system32\d3dx9_30.dll
2008-01-28 11:52 . 2005-12-05 18:09   2,323,664   --a------   C:\WINDOWS\system32\d3dx9_28.dll
2008-01-28 10:30 . 2008-01-28 10:30   <DIR>   d--------   C:\Program Files\UltraISO
2008-01-28 10:30 . 2008-01-28 10:30   <DIR>   d--------   C:\Program Files\Common Files\EZB Systems
2008-01-27 23:31 . 2008-01-27 23:32   <DIR>   d--------   C:\Program Files\MagicISO
2008-01-21 00:52 . 2008-01-21 00:52   166   --a------   C:\key.shm

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 20:47   6,510,624   --sha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-21 20:35   ---------   d-----w   C:\Program Files\Mozilla Firefox
2008-02-21 20:33   2,145,386,496   --sha-w   C:\pagefile.sys
2008-02-21 20:30   80,264   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-18 23:01   19,604,644   ----a-w   C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_02_18_23_18_57_full.dmp.zip
2008-02-18 22:18   1,536,512   ----a-w   C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-18 18:20   ---------   d-----w   C:\Documents and Settings\Default\Application Data\uTorrent
2008-02-18 15:19   59,392   ------r   C:\WINDOWS\streamhlp.dll
2008-02-18 10:53   ---------   d-----w   C:\Documents and Settings\Default\Application Data\Skype
2008-02-17 19:08   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-02-17 19:08   ---------   d-----w   C:\Program Files\D-Link
2008-02-10 18:32   ---------   d-----w   C:\Program Files\PowerISO
2008-02-04 11:36   ---------   d-----w   C:\Program Files\TVUPlayer
2008-01-29 22:35   ---------   d-----w   C:\Documents and Settings\Default\Application Data\U3
2008-01-28 10:54   ---------   d-----w   C:\Program Files\Common Files
2008-01-28 10:30   ---------   d-----w   C:\Program Files\Ahead
2008-01-27 11:54   ---------   d-----w   C:\Program Files\DivX
2008-01-17 00:13   691,717   ----a-w   C:\WINDOWS\system32\unins000.exe
2008-01-16 22:26   ---------   d-----w   C:\Program Files\Veoh Networks
2008-01-11 00:39   ---------   d-----w   C:\Program Files\Alex Feinman
2007-12-29 15:23   2,033,482   ----a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-24 12:47   7,680   ----a-w   C:\WINDOWS\system32\ff_vfw.dll
2007-12-24 12:47   38,400   ----a-w   C:\WINDOWS\system32\ff_unrar.dll
2007-12-24 12:40   404,992   ----a-w   C:\WINDOWS\system32\libmplayer.dll
2007-12-22 21:02   188,416   ----a-w   C:\WINDOWS\system32\ff_theora.dll
2007-12-22 21:02   102,912   ----a-w   C:\WINDOWS\system32\ff_tremor.dll
2007-12-22 20:27   3,104,256   ----a-w   C:\WINDOWS\system32\libavcodec.dll
2007-12-06 23:31   1,424,384   ----a-w   C:\WINDOWS\Internet Logs\xDB265.tmp
2007-12-06 23:24   1,424,384   ----a-w   C:\WINDOWS\Internet Logs\xDB266.tmp
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AvastSS.scr
2007-12-03 15:39   122,880   ----a-w   C:\WINDOWS\system32\libmpeg2_ff.dll
2007-12-03 15:38   397,312   ----a-w   C:\WINDOWS\system32\ff_libfaad2.dll
2007-12-03 15:38   143,360   ----a-w   C:\WINDOWS\system32\ff_libmad.dll
2007-12-03 15:38   135,168   ----a-w   C:\WINDOWS\system32\ff_samplerate.dll
2007-12-03 15:38   118,784   ----a-w   C:\WINDOWS\system32\ff_realaac.dll
2007-12-03 15:37   54,784   ----a-w   C:\WINDOWS\system32\ff_liba52.dll
2007-12-03 15:37   167,936   ----a-w   C:\WINDOWS\system32\ff_libdts.dll
2007-12-03 15:34   26,624   ----a-w   C:\WINDOWS\system32\ff_wmv9.dll
2007-12-01 12:43   520,192   ----a-w   C:\WINDOWS\system32\ff_x264.dll
2007-11-29 22:30   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2007-11-29 12:17   662,016   ----a-w   C:\WINDOWS\system32\xvidcore.dll
2007-11-29 11:52   60,273   ----a-w   C:\WINDOWS\system32\pthreadGC2.dll
2007-11-29 11:52   204,800   ----a-w   C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-11-29 11:52   204,800   ----a-w   C:\WINDOWS\system32\ff_kernelDeint.dll
2007-11-03 13:42   1,418,240   ----a-w   C:\WINDOWS\Internet Logs\xDB1.tmp
2007-11-03 13:40   1,418,240   ----a-w   C:\WINDOWS\Internet Logs\xDB2.tmp
2004-08-04 12:00   4,096   --sha-w   C:\WINDOWS\system32\bns.dat
.

heinleineken

Re: braviax.exe--Something's gone wrong again
« Reply #40 on: February 20, 2008, 09:51:45 PM »

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"CnxDslTaskBar"="C:\Program Files\Trust\CnxDslTb.exe" [2003-05-28 18:52 397312]
"D-Link Wireless G WUA-1340"="C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2005-12-15 12:19 2715648]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 17:34 49152]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 16:54 1552384]
"THGuard"="C:\Program Files\TrojanHunter 3.8\THGuard.exe" [2004-01-26 01:17 1067520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"Registry Crawler"=C:\PROGRA~1\RCrawler\RCrawler.exe -TRAYONLY
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

R3 CnxTgN;TRUST 215A SPEEDLINK ADSL PCI WEB MODEM WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-05-28 18:52]
R3 CnxTgP;TRUST 215A SPEEDLINK ADSL PCI WEB MODEM WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgP.sys [2003-05-28 18:52]
R3 CnxTgR;TRUST 215A SPEEDLINK ADSL PCI WEB MODEM Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxTgR.sys [2003-05-28 18:52]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 21:48:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

Offline essexboy

Re: braviax.exe--Something's gone wrong again
« Reply #41 on: February 20, 2008, 10:03:16 PM »
OK you now have a legitimate boot

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\basekwgb32.dll

.
(((((((((((((((((((((((((   Files Created from 2008-01-21 to 2008-02-21  )))))))))))))))))))))))))))))))

Are you still getting the warnings now?

heinleineken

Re: braviax.exe--Something's gone wrong again
« Reply #42 on: February 20, 2008, 10:25:43 PM »
no more warnings,
hope that does it
thanks very much for your help and patience

Offline essexboy

Re: braviax.exe--Something's gone wrong again
« Reply #43 on: February 20, 2008, 10:29:17 PM »
No problems, I was learning as well. sUBs has a variant of that file so he does not require it. Thankee

Now the best part of the day ----- Your log now appears clean  :thumbsup:

Double click OTMoveIt once again and you should see a CleanUp! button. Press that button; you may get prompted by your firewall that OTMoveIt wants to contact the internet. Allow this: a cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process. Click Yes. This will delete all the tools you have downloaded plus itself.



Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?


Keep safe  :wave: 

If you right click My Computer and select Properties,
then select the Advanced tab.
Remove the tick from the time to display list of operating systems; that will remove the quick flash at start.