Hey guys, my Emachines running Windows XP has been having some virus trouble before, I got Trend Micro on it and a lot of the messages are gone but a problem persists. I get to the desktop and if I'm plugged into the network to get online, my computer restarts. If I'm not plugged in it's fine, even after I boot and I'm on for a while, if I plug into the network it restarts after a few seconds. Could a virus be doing this? What can I do? I'm using a different pc for this post.
http://www.majorgeeks.com/download3155.html Download HijackThis and run that. It will give you a big list of details in Notepad. Post the list here and I will tell you the ones you need to delete.
Thx for looking at this buddy, I've been using Hijack for a while but most of it means nothing to me, plus files like braviax keep coming back as you probably know. Any help would be greatly appreciated. Thx again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:19 PM, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Ken Bailey\Desktop\Hijack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_4.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/22416fa6d86d3570e017/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126850652687
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: QPKVdZ - {9445A144-3EEF-0BEE-0E38-D1C893B8D374} - C:\WINDOWS\system32\eq.dll (file missing)
O23 - Service: Application Management AppMgmtPlugPlay (AppMgmtPlugPlay) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtPlugPlay AppMgmtPlugPlayHidServ (AppMgmtPlugPlayHidServ) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtPlugPlay AppMgmtPlugPlayHidServ AppMgmtPlugPlayHidServdmadminstisvcBITSMSDTC (AppMgmtPlugPlayHidServdmadminstisvcBITSMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtSSDPSRV (AppMgmtSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Background Intelligent Transfer Service BITSMSDTC (BITSMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: Background Intelligent Transfer Service BITSMSDTC BITSMSDTCAppMgmtPlugPlay (bitsmsdtcappmgmtplugplay) - Unknown owner - C:\WINDOWS\
O23 - Service: Background Intelligent Transfer Service BITSusprserv (BITSusprserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Background Intelligent Transfer Service BITSusprserv BITSusprservmnmsrvcdmadmin (BITSusprservmnmsrvcdmadmin) - Unknown owner - C:\WINDOWS\
O23 - Service: Background Intelligent Transfer Service BITSWMPNetworkSvc (BITSWMPNetworkSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ System Application COMSysAppERSvcDhcpCryptSvc (comsysappersvcdhcpcryptsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ System Application COMSysAppWudfSvc (COMSysAppWudfSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ System Application COMSysAppWudfSvc COMSysAppWudfSvcSwPrv (COMSysAppWudfSvcSwPrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Cryptographic Services CryptSvcWMPNetworkSvc (CryptSvcWMPNetworkSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Cryptographic Services CryptSvcWMPNetworkSvc CryptSvcWMPNetworkSvcRSVP (cryptsvcwmpnetworksvcrsvp) - Unknown owner - C:\WINDOWS\
O23 - Service: Cryptographic Services CryptSvcWMPNetworkSvc CryptSvcWMPNetworkSvcWZCSVC (CryptSvcWMPNetworkSvcWZCSVC) - Unknown owner - C:\WINDOWS\
O23 - Service: Cryptographic Services CryptSvcWMPNetworkSvc CryptSvcWMPNetworkSvcWZCSVC CryptSvcWMPNetworkSvcWZCSVCRDSessMgr (cryptsvcwmpnetworksvcwzcsvcrdsessmgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Cryptographic Services CryptSvcWMPNetworkSvc CryptSvcWMPNetworkSvcWZCSVC CryptSvcWMPNetworkSvcWZCSVCsrservicelanmanserver (CryptSvcWMPNetworkSvcWZCSVCsrservicelanmanserver) - Unknown owner - C:\WINDOWS\
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DHCP Client DhcpDcomLaunch (DhcpDcomLaunch) - Unknown owner - C:\WINDOWS\
O23 - Service: DHCP Client DhcpDcomLaunch DhcpDcomLaunchlanmanworkstation (DhcpDcomLaunchlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: Logical Disk Manager Administrative Service dmadminstisvc (dmadminstisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Logical Disk Manager Administrative Service dmadminstisvc dmadminstisvcBITSMSDTC (dmadminstisvcBITSMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapimnmsrvcdmadminLmHosts (dvpapimnmsrvcdmadminLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapiSLService (dvpapiSLService) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapiSLService dvpapiSLServiceHTTPFilter (dvpapiSLServiceHTTPFilter) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapiSLService dvpapiSLServiceHTTPFilter dvpapiSLServiceHTTPFilterSysmonLog (dvpapislservicehttpfiltersysmonlog) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapiSLService dvpapiSLServiceRasManUPS (dvpapiSLServiceRasManUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapiSLService dvpapiSLServiceRDSessMgr (dvpapislservicerdsessmgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Error Reporting Service ERSvcDhcp (ERSvcDhcp) - Unknown owner - C:\WINDOWS\
O23 - Service: Error Reporting Service ERSvcDhcp ERSvcDhcpCryptSvc (ERSvcDhcpCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Error Reporting Service ERSvcImapiService (ERSvcImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Event Log EventlogAppMgmtPlugPlayHidServ (EventlogAppMgmtPlugPlayHidServ) - Unknown owner - C:\WINDOWS\
O23 - Service: Fast User Switching Compatibility FastUserSwitchingCompatibilityCryptSvc (FastUserSwitchingCompatibilityCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Fast User Switching Compatibility FastUserSwitchingCompatibilitySLService (fastuserswitchingcompatibilityslservice) - Unknown owner - C:\WINDOWS\
O23 - Service: HID Input Service HidServusprservcisvc (hidservusprservcisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcdmadmin (mnmsrvcdmadmin) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcdmadmin mnmsrvcdmadminLmHosts (mnmsrvcdmadminLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcdmadminstisvcBITSMSDTC (mnmsrvcdmadminstisvcBITSMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcEventlog (mnmsrvcEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcmnmsrvcdmadmin (mnmsrvcmnmsrvcdmadmin) - Unknown owner - C:\WINDOWS\
O23 - Service: Distributed Transaction Coordinator MSDTCcisvc (MSDTCcisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: Network DDE NetDDERasManUPS (NetDDERasManUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE NetDDERasManUPS NetDDERasManUPSNetman (NetDDERasManUPSNetman) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE NetDDEWmdmPmSN (NetDDEWmdmPmSN) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NT LM Security Support Provider NtLmSspSENS (NtLmSspSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: Plug and Play PlugPlayRSVP (PlugPlayRSVP) - Unknown owner - C:\WINDOWS\
O23 - Service: Plug and Play PlugPlayRSVP PlugPlayRSVP HotKey Poller (PlugPlayRSVP HotKey Poller) - Unknown owner - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Access Connection Manager RasManmnmsrvc (RasManmnmsrvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Access Connection Manager RasManUPS (RasManUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Access Connection Manager RasManUPS RasManUPSRDSessMgr (rasmanupsrdsessmgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Routing and Remote Access RemoteAccessBITS (RemoteAccessBITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Routing and Remote Access RemoteAccessDhcpDcomLaunch (RemoteAccessDhcpDcomLaunch) - Unknown owner - C:\WINDOWS\
O23 - Service: Routing and Remote Access RemoteAccessDhcpDcomLaunch RemoteAccessDhcpDcomLaunchAppMgmtPlugPlay (RemoteAccessDhcpDcomLaunchAppMgmtPlugPlay) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Accounts Manager SamSsSLServiceCryptSvcWMPNetworkSvcWZCSVCusprserv (samssslservicecryptsvcwmpnetworksvcwzcsvcusprserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Smart Card SCardSvrProtectedStorage (SCardSvrProtectedStorage) - Unknown owner - C:\WINDOWS\
O23 - Service: Task Scheduler ScheduleThemes (schedulethemes) - Unknown owner - C:\WINDOWS\
O23 - Service: Trend Micro Central Control Component (sfctlcom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) SharedAccessSLService (SharedAccessSLService) - Unknown owner - C:\WINDOWS\
O23 - Service: SmartLinkService SLServiceCryptSvcWMPNetworkSvcWZCSVC (SLServiceCryptSvcWMPNetworkSvcWZCSVC) - Unknown owner - C:\WINDOWS\
O23 - Service: SmartLinkService SLServiceCryptSvcWMPNetworkSvcWZCSVC SLServiceCryptSvcWMPNetworkSvcWZCSVCusprserv (SLServiceCryptSvcWMPNetworkSvcWZCSVCusprserv) - Unknown owner - C:\WINDOWS\
O23 - Service: SmartLinkService SLServiceMSIServer (SLServiceMSIServer) - Unknown owner - C:\WINDOWS\
O23 - Service: SmartLinkService SLServiceseclogon (SLServiceseclogon) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srservice AntiVirus Server (srservice antivirus server) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srservice HotKey Poller (srservice HotKey Poller) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srserviceEventlog (srserviceeventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srservicelanmanserver (srservicelanmanserver) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srservicelanmanserver srservicelanmanserverRasAuto (srservicelanmanserverrasauto) - Unknown owner - C:\WINDOWS\
O23 - Service: SSDP Discovery Service SSDPSRVBITSusprserv (SSDPSRVBITSusprserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Trend Micro Unauthorized Change Prevention Service (tmbmserver) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (tmpfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: User Privilege Service usprservcisvc (usprservcisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Volume Shadow Copy VSSDefWatch (VSSDefWatch) - Unknown owner - C:\WINDOWS\
O23 - Service: Volume Shadow Copy VSSDefWatch VSSDefWatchPolicyAgent (VSSDefWatchPolicyAgent) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Center wscsvcW32Time (wscsvcW32Time) - Unknown owner - C:\WINDOWS\
O23 - Service: Network Provisioning Service xmlprovRpcLocator (xmlprovRpcLocator) - Unknown owner - C:\WINDOWS\

-- End of file - 16517 bytes
Hi, these are the nasties that need removing:

C:\WINDOWS\system32\braviax.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

All those ones at the end that say "Unknown owner" may be bad. It would be safe to remove this, I think, if your problem continues.

This is how you manually remove braviax (worked for me when I had it):

Step 1: Use Windows File Search Tool to Find braviax.exe Path
- Go to Start > Search > All Files or Folders.
- In the "All or part of the file name" section, type in "braviax.exe" file name(s).
- To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
- When Windows finishes your search, hover over the "In Folder" of "braviax.exe", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete braviax.exe in the following manual removal steps.

Step 2: Use Windows Task Manager to Remove braviax.exe Processes
- To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
- Click on the "Image Name" button to search for "braviax.exe" process by name.
- Select the "braviax.exe" process and click on the "End Process" button to kill it.

Step 3: Detect and Delete Other braviax.exe Files
- To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
- Type in "dir /A name_of_the_folder" (for example, C:\Spyware- folder), which will display the folder's content, even the hidden files.
- To change directory, type in "cd name_of_the_folder". Once you have the file you're looking for, type in del "name_of_the_file".
- To delete a file in folder, type in "del name_of_the_file".
- To delete the entire folder, type in "rmdir /S name_of_the_folder".
- Select the "braviax.exe" process and click on the "End Process" button to kill it.

Also try and download Spybot Search and Destroy.
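The signs picked out of the HijackThis log in the reply above can be checked mechanically when triaging a log like this one. The sketch below is an added example, not part of any post in this thread and not part of HijackThis; the `triage` function and its rule wording are hypothetical, the rules are review heuristics rather than verdicts, and the sample lines are copied from the log posted earlier in the thread.

```python
import ntpath
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: DHCP Client DhcpDcomLaunch (DhcpDcomLaunch) - Unknown owner - C:\WINDOWS\
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Core Windows process names that normally run only from system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM_DIR = r"c:\windows\system32"

ENTRY = re.compile(r"^([ROFN]\d+) - (.*)$")                 # section code, rest of line
RUN = re.compile(r"^(\S+?)\\\.\.\\Run: \[([^\]]+)\]")       # hive, Run value name
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)', re.I)


def triage(log_text):
    """Return {log line: [reasons]} for entries that deserve a manual look."""
    findings = defaultdict(list)
    run_hives = defaultdict(set)    # Run value name -> hives it appears in
    run_lines = defaultdict(list)   # Run value name -> the log lines carrying it

    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()

        # O23: a service whose image path is a bare directory, with no binary.
        if code == "O23" and "Unknown owner" in body and body.endswith("\\"):
            findings[line].append("service image path has no executable")

        # O20: AppInit_DLLs and Winlogon Notify load a DLL automatically.
        if code == "O20":
            findings[line].append("DLL autoload hook")

        # A registration that points at nothing on disk.
        if "(file missing)" in body or "(no file)" in body:
            findings[line].append("dangling reference")

        # A core Windows binary name running from outside system32.
        p = PATH.search(body)
        if p:
            folder, name = ntpath.split(p.group(0).lower())
            if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
                findings[line].append("system binary name outside system32")

        r = RUN.match(body)
        if code == "O4" and r:
            run_hives[r.group(2).lower()].add(r.group(1))
            run_lines[r.group(2).lower()].append(line)

    # The same Run value present in several hives (machine, SYSTEM, default user).
    for name, hives in run_hives.items():
        if len(hives) > 1:
            for line in run_lines[name]:
                findings[line].append("same Run value in %d hives" % len(hives))
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print("; ".join(reasons), "->", entry)
```

Entries such as SoundMan, ctfmon.exe, DefWatch and PnkBstrA pass through without a flag; a flagged line is a prompt to inspect the file and registry key, not proof of infection.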
Thx a lot, worked at it and I think it's gone, though the restarting, I think, was caused by brastk.exe. Got rid of that and I'm back up, still has this warning saying "your computer is infected with spyware" but I'll save that for another day. Thx again.
Hey Minate61

We can try to clean your computer completely. Please download Superantispyware Free and install it. Follow the prompts and reboot if required. Launch Superantispyware Free either by running C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...

Configuring SuperAntispyware
• Click on Preferences.
• In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.
• Navigate to the tab Scanning Control.
• Make sure only these boxes are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disk Access (recommended)
• Click on Close.

Updating SuperAntispyware
• At the main window, click on Check for Updates....
• Wait for SuperAntispyware to be fully updated.

Scanning Time
• Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
• Launch SuperAntispyware.
• At the main window, click on Scan your Computer....
• Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
• Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
• Reboot your computer.

Post A Log
• Launch SuperAntispyware
• Click on Preferences
• Navigate to the tab Statistics/Logs.
• Choose the latest scan log, and then click on View Log....
• Copy and paste the contents of the log here in your next post.

Best Regards
Booted up this morning and brastk.exe is back. I delete them in safe mode with system restore off but something else keeps putting it back. I got the program, Superantispyware, but it won't open, tried run and clicking on the icon, just a short busy signal, less than a second, and then nothing. Tried altering the name a bit (how I got it to install) and still nothing. Even in safe mode. Needs help...
Hey Minatex61

Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
• Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards
Hey, thx a lot for advice. Didn't do the ComboFix yet, but it looks like Superantispyware took care of the problem. Restarts and false alerts are gone, as well as braviax and brastk. Should I still go with the Combofix?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2008 at 01:22 PM

Application Version : 4.21.1004

Core Rules Database Version : 3595
Trace Rules Database Version: 1582

Scan type : Complete Scan
Total Scan Time : 02:21:11

Memory items scanned : 402
Memory threats detected : 2
Registry items scanned : 5325
Registry threats detected : 26
File items scanned : 70948
File threats detected : 9

Trojan.Unclassified/Dropper-WinNT32
    C:\WINDOWS\SYSTEM32\WINCTRL32.DLL
    C:\WINDOWS\SYSTEM32\WINCTRL32.DLL
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32

Trojan.Downloader-Gen
    C:\WINDOWS\SYSTEM32\BRASTK.EXE
    C:\WINDOWS\SYSTEM32\BRASTK.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ brastk.exe ]
    C:\WINDOWS\Prefetch\BRASTK.EXE-0B71D44C.pf

Rootkit.Cloaked/Service-GEN
    HKLM\system\controlset001\services\ea6049bd
    C:\WINDOWS\SYSTEM32\DRIVERS\EA6049BD.SYS
    HKLM\system\controlset002\services\ea6049bd

Trojan.DNSChanger-Codec
    HKU\s-1-5-21-650978795-568730901-2704639424-1005\Software\uninstall

Rogue.Netcom3/SpyClean
    HKLM\SYSTEM\CurrentControlSet\Services\Netcom3
    HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#Type
    HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#Start
    HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#ObjectName
    HKLM\SYSTEM\CurrentControlSet\Services\Netcom3\Security
    HKLM\SYSTEM\CurrentControlSet\Services\Netcom3\Security#Security

Rogue.AntiSpywareExpert
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#DLLName
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#StartShell
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#Impersonate
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#Asynchronous

Rogue.WinAntiSpyware2008
    C:\Documents and Settings\Ken Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntispyware2008.lnk

Trojan.FakeAlert/Desktop
    HKU\.DEFAULT\CONTROL PANEL\DESKTOP#WALLPAPER
    HKU\.DEFAULT\CONTROL PANEL\DESKTOP#ORIGINALWALLPAPER
    HKU\.DEFAULT\CONTROL PANEL\DESKTOP#CONVERTEDWALLPAPER
    HKU\S-1-5-18\CONTROL PANEL\DESKTOP#WALLPAPER
    HKU\S-1-5-18\CONTROL PANEL\DESKTOP#ORIGINALWALLPAPER
    HKU\S-1-5-18\CONTROL PANEL\DESKTOP#CONVERTEDWALLPAPER

Rogue.XP AntiSpyware 2009
    HKU\s-1-5-21-650978795-568730901-2704639424-1005\Control Panel\don't load#wscui.cpl [ No ]

Adware.Tracking Cookie
    C:\WINDOWS\temp\Cookies\ken bailey@emarketmakers[1].txt
    C:\WINDOWS\temp\Cookies\ken bailey@adprofile[1].txt
    C:\WINDOWS\temp\Cookies\ken bailey@azjmp[2].txt
    C:\WINDOWS\temp\Cookies\ken bailey@optimost[2].txt