
Antivirus Pro 2010 infection, braviax.exe, sys32_nov.exe, figaro.sys


  • This topic is locked
2 replies to this topic

#1 KublaKhan

KublaKhan

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:11 AM

Posted 09 September 2009 - 02:49 PM

I have run Avg 8.5, Malwarebytes, Adaware, and Combofix with little success.
Antivirus Pro 2010 remains active along with other infectious files: sys32_nov.exe, braviax.exe, figaro.sys, beep.sys, etc.

I have created the attach.txt and ark.txt as instructed in the preparation guide. I can attach or copy/paste these upon request.
Thank you very much for your assistance!

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 15:01:11.68 on Wed 09/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.615 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ATI Launchpad] "c:\program files\ati multimedia\main\launchpd.exe"
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
uRun: [sys32_nov] c:\documents and settings\owner\sys32_nov.exe
uRun: [braviax]
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033 -noicon
mRun: [sys32_nov] c:\windows\system32\sys32_nov.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [Antivirus Pro 2010] "c:\program files\antiviruspro_2010\AntivirusPro_2010.exe" /hide
mRun: [braviax] braviax.exe
dRun: [braviax]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet 7100 series\bin\hpogrp07.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - c:\program files\poker\coraleurobetpoker.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\poker\party\partypoker\RunApp.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\nn842zzw.ehh\
FF - HiddenExtension: XUL Cache: {FFF0FA00-C04B-485C-ABBB-C9A613207B9F} - c:\documents and settings\owner\local settings\application data\{FFF0FA00-C04B-485C-ABBB-C9A613207B9F}

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2009-7-17 245760]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2009-7-17 23296]

=============== Created Last 30 ================

2009-09-09 14:01 29,184 ac------ c:\windows\system32\dllcache\figaro.sys
2009-09-06 02:34 19,910 a------- c:\windows\huzop.exe
2009-09-06 02:34 19,878 a------- c:\windows\system32\yvocika._dl
2009-09-06 02:34 17,468 a------- c:\windows\imykoku.bin
2009-09-06 02:34 15,381 a------- c:\docume~1\owner\applic~1\feqaryfe.scr
2009-09-06 02:34 14,965 a------- c:\docume~1\alluse~1\applic~1\wigafu.bat
2009-09-06 02:34 14,575 a------- c:\windows\nokop.scr
2009-09-06 02:34 13,639 a------- c:\windows\system32\yhybov._sy
2009-09-06 02:34 10,130 a------- c:\windows\gadiqynoc.bat
2009-09-06 02:34 349,562 a------- c:\windows\system32\_scui.cpl
2009-09-06 02:34 <DIR> --d----- c:\program files\AntivirusPro_2010
2009-09-06 02:24 6,144 a------- c:\windows\system32\cru629.dat
2009-09-06 02:24 6,144 a------- c:\windows\cru629.dat
2009-09-06 02:24 11,264 a------- c:\windows\braviax.exe
2009-09-05 23:58 190,442 a------- c:\windows\system32\wisdstr.exe
2009-09-05 23:58 29,184 ac------ c:\windows\system32\dllcache\beep.sys
2009-09-05 23:58 29,184 a------- c:\windows\system32\drivers\beep.sys
2009-09-05 23:58 11,264 a------- c:\windows\system32\braviax.exe
2009-09-05 23:06 108 a------- c:\windows\system32\delself.bat
2009-09-05 14:57 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-09-05 14:57 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-05 14:57 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-05 14:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-05 14:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-05 14:08 <DIR> a-dshr-- C:\cmdcons
2009-09-03 16:22 <DIR> --d----- c:\docume~1\owner\applic~1\Desktopicon
2009-09-03 16:22 <DIR> --d----- c:\program files\Unlocker
2009-09-03 16:03 120 a------- c:\windows\Vsuko.dat
2009-09-03 15:57 94,272 ac------ c:\windows\system32\dllcache\agp440.sys
2009-09-03 15:56 29,216 a------- c:\windows\system32\sys32_nov.exe
2009-09-03 15:51 <DIR> --d----- c:\program files\MediaMonkey
2009-09-03 15:50 <DIR> --d----- C:\Media Monkey Gold 3.07
2009-09-03 12:16 764,868 -c------ c:\windows\system32\dllcache\apph_sp.sdb
2009-09-03 12:16 217,118 -c------ c:\windows\system32\dllcache\apphelp.sdb
2009-09-03 12:15 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-09-03 12:09 <DIR> --d----- C:\8b1e603c38ce1a3ef2a6b911
2009-09-03 12:09 <DIR> --d----- c:\windows\system32\LogFiles
2009-09-03 05:20 498 a------- c:\windows\easyzip.INI
2009-08-12 17:22 655,872 -c------ c:\windows\system32\dllcache\mstscax.dll

==================== Find3M ====================

2009-09-09 14:02 94,272 a------- c:\windows\system32\drivers\agp440.sys
2009-09-03 22:25 230,912 a------- c:\windows\PEV.exe
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:15 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-07-25 05:15 17,212 a------t c:\windows\system32\SIntf32.dll
2009-07-25 05:15 12,067 a------t c:\windows\system32\SIntf16.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-26 12:18 659,456 -------- c:\windows\system32\wininet.dll
2009-06-26 12:18 81,920 -------- c:\windows\system32\ieencode.dll
2009-06-25 04:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 04:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 07:50 76,288 a------- c:\windows\system32\telnet.exe
2007-08-18 12:32 2,236,088 a------- c:\program files\Bethesda Softworks.zip
2005-06-10 01:36 11,079 ----h--- c:\program files\folder.htt
2005-06-10 01:36 266 ----h--- c:\program files\desktop.ini

============= FINISH: 15:01:23.06 ===============
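Added triage example for the DDS log above (it is not part of DDS, ComboFix or BleepingComputer's own tooling, and it is not a signature for this particular rogue). It parses a constructed subset of the "Pseudo HJT Report" and "Created Last 30" lines copied from the post and applies generic heuristics a responder would check by eye: Run values with no command line, autostart images given as a bare file name (resolved through the search path at logon rather than a fixed location), images sitting directly in a profile root or in %WINDIR%, a non-empty AppInit_DLLs value (that DLL is loaded into every process that loads user32.dll), recently created files under drivers\ or dllcache\, and files of identical size that carry different names or the same name in several directories (as beep.sys/figaro.sys and the two braviax.exe copies do here). The regexes, directory lists and reason strings are this example's own assumptions; note that the heuristics deliberately do not flag everything (the system32-resident sys32_nov.exe passes the directory test), so they are a starting point for review, not a verdict.

```python
"""Triage heuristics over lines from a DDS 'Pseudo HJT Report' / 'Created Last 30' listing.

Added example for this thread; not part of DDS or ComboFix. Indicators are generic,
not a signature for Antivirus Pro 2010. Assumed log format: as pasted above.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the DDS log posted above.
SAMPLE_LOG = r"""
uRun: [ATI Launchpad] "c:\program files\ati multimedia\main\launchpd.exe"
uRun: [sys32_nov] c:\documents and settings\owner\sys32_nov.exe
uRun: [braviax]
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [sys32_nov] c:\windows\system32\sys32_nov.exe
mRun: [Antivirus Pro 2010] "c:\program files\antiviruspro_2010\AntivirusPro_2010.exe" /hide
mRun: [braviax] braviax.exe
dRun: [braviax]
AppInit_DLLs: cru629.dat
2009-09-09 14:01 29,184 ac------ c:\windows\system32\dllcache\figaro.sys
2009-09-05 23:58 29,184 ac------ c:\windows\system32\dllcache\beep.sys
2009-09-05 23:58 29,184 a------- c:\windows\system32\drivers\beep.sys
2009-09-05 23:58 11,264 a------- c:\windows\system32\braviax.exe
2009-09-06 02:24 11,264 a------- c:\windows\braviax.exe
"""

# u/m/dRun = HKCU / HKLM / default-user Run keys in DDS notation (assumption).
RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\](?: (?P<cmd>.*))?$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>[\d,]+) \S+ (?P<path>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<value>\S.*)$")

# Directories where an autostart image is unusual for installed software (assumed list).
ODD_DIRS = [
    re.compile(r"^c:\\(documents and settings|docume~1)\\[^\\]+\\[^\\]+$"),  # profile root
    re.compile(r"^c:\\windows\\[^\\]+$"),                                   # %WINDIR% root
]


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def image_of(cmd: str) -> str:
    """Best-effort image path from a Run command line: the quoted part, else up to '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ")[0]


def check_run(line: str, m: re.Match) -> list[Finding]:
    cmd = m.group("cmd")
    if not cmd:
        return [Finding(line, "Run value with no command (orphaned or hidden data)")]
    image = image_of(cmd).lower()
    if "\\" not in image:
        return [Finding(line, "bare filename: %s is resolved via the search path at logon" % image)]
    return [Finding(line, "autostart image in an unusual directory") for rx in ODD_DIRS if rx.match(image)]


def check_files(entries: list[tuple[str, int, str]]) -> list[Finding]:
    """Flag recently created driver/dllcache files and files sharing an identical size."""
    findings: list[Finding] = []
    by_size: dict[int, list[tuple[str, str]]] = defaultdict(list)
    for line, size, path in entries:
        by_size[size].append((line, path))
        if "\\drivers\\" in path.lower() or "\\dllcache\\" in path.lower():
            findings.append(Finding(line, "driver or dllcache file created recently"))
    for group in by_size.values():
        if len(group) < 2:
            continue
        names = {p.rsplit("\\", 1)[-1].lower() for _, p in group}
        if len(names) > 1:
            reason = "identical size to a file with a different name (possible renamed/patched copy)"
        elif not any("\\dllcache\\" in p.lower() for _, p in group):
            reason = "same file name dropped in multiple directories"
        else:
            continue  # a dllcache copy of the same-named file is normal Windows File Protection state
        findings.extend(Finding(line, reason) for line, _ in group)
    return findings


def analyze(text: str) -> list[Finding]:
    """Run every heuristic over a DDS-style listing and return the findings."""
    findings: list[Finding] = []
    files: list[tuple[str, int, str]] = []
    for line in text.splitlines():
        line = line.rstrip()
        if (m := RUN_RE.match(line)):
            findings += check_run(line, m)
        elif (m := APPINIT_RE.match(line)):
            findings.append(Finding(line, "AppInit_DLLs set: %s is loaded into every process "
                                          "that loads user32.dll" % m.group("value")))
        elif (m := FILE_RE.match(line)):
            files.append((line, int(m.group("size").replace(",", "")), m.group("path")))
    return findings + check_files(files)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print("%-90s  %s" % (f.line, f.reason))
```

Each finding keeps the original log line, so the output can be pasted back into a thread reply as the list of entries to verify against the actual files (hash, signer, timestamps) before anything is removed.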


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:11 PM

Posted 10 September 2009 - 12:43 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:



It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine.
Awesomeness: When I get sad, I stop being sad and be awesome instead. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:11 PM

Posted 15 September 2009 - 12:07 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.





