Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Monday 28.7.2025 / 10:24
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my computer restarts if connected to network
Show topics
 
Forums
Forums
My Computer Restarts if connected to Network
  Jump to:
 
Posted Message
Minatek61
Newbie
_ 		11. October 2008 @ 16:29 _ Link to this message    Send private message to this user   
Hey guys, my Emachines running Windows XP has been having some virus trouble before, I got Trend Micro on it and alot of the messages are gone but a problem persists. I get to the desktop and if I'm plugged into the network to get online, my computer restarts. If I'm not plugged in it's fine, even after I boot and I'm on for a while, if I plug into the network it restarts after a few seconds.
Could a virus be doing this? What can I do?
I'm using a different pc for this post.
[ + quote]
Advertisement
_ 		__
kingy1213
Member

1 product review
_ 		11. October 2008 @ 19:57 _ Link to this message    Send private message to this user   
http://www.majorgeeks.com/download3155.html download hijack this and run that it will give u a big list of details in note pad post the list here and i will tell u the ones u need 2 delete.
[ + quote]
A computer once beat me at chess, but it was no match for me at kick boxing.
Minatek61
Newbie
_ 		11. October 2008 @ 23:21 _ Link to this message    Send private message to this user   
Thx for looking at this buddy, I've been using Hijack for a while but most of it means nothing to me, plus files like braviax keep coming back as you probably know. Any help would be greatly appreciated. Thx again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:19 PM, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Ken Bailey\Desktop\Hijack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/test...OnlineGames.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/inst...llMgr_v01_4.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/22416fa6d86d...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1126850652687
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: QPKVdZ - {9445A144-3EEF-0BEE-0E38-D1C893B8D374} - C:\WINDOWS\system32\eq.dll (file missing)
O23 - Service: Application Management AppMgmtPlugPlay (AppMgmtPlugPlay) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtPlugPlay AppMgmtPlugPlayHidServ (AppMgmtPlugPlayHidServ) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtPlugPlay AppMgmtPlugPlayHidServ AppMgmtPlugPlayHidServdmadminstisvcBITSMSDTC (AppMgmtPlugPlayHidServdmadminstisvcBITSMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtSSDPSRV (AppMgmtSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Background Intelligent Transfer Service BITSMSDTC (BITSMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: Background Intelligent Transfer Service BITSMSDTC BITSMSDTCAppMgmtPlugPlay (bitsmsdtcappmgmtplugplay) - Unknown owner - C:\WINDOWS\
O23 - Service: Background Intelligent Transfer Service BITSusprserv (BITSusprserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Background Intelligent Transfer Service BITSusprserv BITSusprservmnmsrvcdmadmin (BITSusprservmnmsrvcdmadmin) - Unknown owner - C:\WINDOWS\
O23 - Service: Background Intelligent Transfer Service BITSWMPNetworkSvc (BITSWMPNetworkSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ System Application COMSysAppERSvcDhcpCryptSvc (comsysappersvcdhcpcryptsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ System Application COMSysAppWudfSvc (COMSysAppWudfSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ System Application COMSysAppWudfSvc COMSysAppWudfSvcSwPrv (COMSysAppWudfSvcSwPrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Cryptographic Services CryptSvcWMPNetworkSvc (CryptSvcWMPNetworkSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Cryptographic Services CryptSvcWMPNetworkSvc CryptSvcWMPNetworkSvcRSVP (cryptsvcwmpnetworksvcrsvp) - Unknown owner - C:\WINDOWS\
O23 - Service: Cryptographic Services CryptSvcWMPNetworkSvc CryptSvcWMPNetworkSvcWZCSVC (CryptSvcWMPNetworkSvcWZCSVC) - Unknown owner - C:\WINDOWS\
O23 - Service: Cryptographic Services CryptSvcWMPNetworkSvc CryptSvcWMPNetworkSvcWZCSVC CryptSvcWMPNetworkSvcWZCSVCRDSessMgr (cryptsvcwmpnetworksvcwzcsvcrdsessmgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Cryptographic Services CryptSvcWMPNetworkSvc CryptSvcWMPNetworkSvcWZCSVC CryptSvcWMPNetworkSvcWZCSVCsrservicelanmanserver (CryptSvcWMPNetworkSvcWZCSVCsrservicelanmanserver) - Unknown owner - C:\WINDOWS\
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DHCP Client DhcpDcomLaunch (DhcpDcomLaunch) - Unknown owner - C:\WINDOWS\
O23 - Service: DHCP Client DhcpDcomLaunch DhcpDcomLaunchlanmanworkstation (DhcpDcomLaunchlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: Logical Disk Manager Administrative Service dmadminstisvc (dmadminstisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Logical Disk Manager Administrative Service dmadminstisvc dmadminstisvcBITSMSDTC (dmadminstisvcBITSMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapimnmsrvcdmadminLmHosts (dvpapimnmsrvcdmadminLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapiSLService (dvpapiSLService) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapiSLService dvpapiSLServiceHTTPFilter (dvpapiSLServiceHTTPFilter) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapiSLService dvpapiSLServiceHTTPFilter dvpapiSLServiceHTTPFilterSysmonLog (dvpapislservicehttpfiltersysmonlog) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapiSLService dvpapiSLServiceRasManUPS (dvpapiSLServiceRasManUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: dvpapi dvpapiSLService dvpapiSLServiceRDSessMgr (dvpapislservicerdsessmgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Error Reporting Service ERSvcDhcp (ERSvcDhcp) - Unknown owner - C:\WINDOWS\
O23 - Service: Error Reporting Service ERSvcDhcp ERSvcDhcpCryptSvc (ERSvcDhcpCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Error Reporting Service ERSvcImapiService (ERSvcImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Event Log EventlogAppMgmtPlugPlayHidServ (EventlogAppMgmtPlugPlayHidServ) - Unknown owner - C:\WINDOWS\
O23 - Service: Fast User Switching Compatibility FastUserSwitchingCompatibilityCryptSvc (FastUserSwitchingCompatibilityCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Fast User Switching Compatibility FastUserSwitchingCompatibilitySLService (fastuserswitchingcompatibilityslservice) - Unknown owner - C:\WINDOWS\
O23 - Service: HID Input Service HidServusprservcisvc (hidservusprservcisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcdmadmin (mnmsrvcdmadmin) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcdmadmin mnmsrvcdmadminLmHosts (mnmsrvcdmadminLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcdmadminstisvcBITSMSDTC (mnmsrvcdmadminstisvcBITSMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcEventlog (mnmsrvcEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcmnmsrvcdmadmin (mnmsrvcmnmsrvcdmadmin) - Unknown owner - C:\WINDOWS\
O23 - Service: Distributed Transaction Coordinator MSDTCcisvc (MSDTCcisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: Network DDE NetDDERasManUPS (NetDDERasManUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE NetDDERasManUPS NetDDERasManUPSNetman (NetDDERasManUPSNetman) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE NetDDEWmdmPmSN (NetDDEWmdmPmSN) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NT LM Security Support Provider NtLmSspSENS (NtLmSspSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: Plug and Play PlugPlayRSVP (PlugPlayRSVP) - Unknown owner - C:\WINDOWS\
O23 - Service: Plug and Play PlugPlayRSVP PlugPlayRSVP HotKey Poller (PlugPlayRSVP HotKey Poller) - Unknown owner - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Access Connection Manager RasManmnmsrvc (RasManmnmsrvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Access Connection Manager RasManUPS (RasManUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Access Connection Manager RasManUPS RasManUPSRDSessMgr (rasmanupsrdsessmgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Routing and Remote Access RemoteAccessBITS (RemoteAccessBITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Routing and Remote Access RemoteAccessDhcpDcomLaunch (RemoteAccessDhcpDcomLaunch) - Unknown owner - C:\WINDOWS\
O23 - Service: Routing and Remote Access RemoteAccessDhcpDcomLaunch RemoteAccessDhcpDcomLaunchAppMgmtPlugPlay (RemoteAccessDhcpDcomLaunchAppMgmtPlugPlay) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Accounts Manager SamSsSLServiceCryptSvcWMPNetworkSvcWZCSVCusprserv (samssslservicecryptsvcwmpnetworksvcwzcsvcusprserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Smart Card SCardSvrProtectedStorage (SCardSvrProtectedStorage) - Unknown owner - C:\WINDOWS\
O23 - Service: Task Scheduler ScheduleThemes (schedulethemes) - Unknown owner - C:\WINDOWS\
O23 - Service: Trend Micro Central Control Component (sfctlcom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) SharedAccessSLService (SharedAccessSLService) - Unknown owner - C:\WINDOWS\
O23 - Service: SmartLinkService SLServiceCryptSvcWMPNetworkSvcWZCSVC (SLServiceCryptSvcWMPNetworkSvcWZCSVC) - Unknown owner - C:\WINDOWS\
O23 - Service: SmartLinkService SLServiceCryptSvcWMPNetworkSvcWZCSVC SLServiceCryptSvcWMPNetworkSvcWZCSVCusprserv (SLServiceCryptSvcWMPNetworkSvcWZCSVCusprserv) - Unknown owner - C:\WINDOWS\
O23 - Service: SmartLinkService SLServiceMSIServer (SLServiceMSIServer) - Unknown owner - C:\WINDOWS\
O23 - Service: SmartLinkService SLServiceseclogon (SLServiceseclogon) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srservice AntiVirus Server (srservice antivirus server) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srservice HotKey Poller (srservice HotKey Poller) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srserviceEventlog (srserviceeventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srservicelanmanserver (srservicelanmanserver) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srservicelanmanserver srservicelanmanserverRasAuto (srservicelanmanserverrasauto) - Unknown owner - C:\WINDOWS\
O23 - Service: SSDP Discovery Service SSDPSRVBITSusprserv (SSDPSRVBITSusprserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Trend Micro Unauthorized Change Prevention Service (tmbmserver) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (tmpfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: User Privilege Service usprservcisvc (usprservcisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Volume Shadow Copy VSSDefWatch (VSSDefWatch) - Unknown owner - C:\WINDOWS\
O23 - Service: Volume Shadow Copy VSSDefWatch VSSDefWatchPolicyAgent (VSSDefWatchPolicyAgent) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Center wscsvcW32Time (wscsvcW32Time) - Unknown owner - C:\WINDOWS\
O23 - Service: Network Provisioning Service xmlprovRpcLocator (xmlprovRpcLocator) - Unknown owner - C:\WINDOWS\

--
End of file - 16517 bytes
[ + quote]
kingy1213
Member

1 product review
_ 		12. October 2008 @ 01:28 _ Link to this message    Send private message to this user   
i there's are the nasties that need removing

C:\WINDOWS\system32\braviax.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)

O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe

O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe

O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe

O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

all those 1s at the end that say "Unknown owner" my b bad it would b safe 2 remove this i think if ur problem continues.

this is how u manually remove braviax (worked 4 me when i had it)

Step 1: Use Windows File Search Tool to Find braviax.exe Path


- Go to Start > Search > All Files or Folders.

- In the "All or part of the the file name" section, type in "braviax.exe" file name(s).

- To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.

- When Windows finishes your search, hover over the "In Folder" of "braviax.exe", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete braviax.exe in the following manual removal steps.

Step 2: Use Windows Task Manager to Remove braviax.exe Processes


- To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.

- Click on the "Image Name" button to search for "braviax.exe" process by name.

- Select the "braviax.exe" process and click on the "End Process" button to kill it.

Step 3: Detect and Delete Other braviax.exe Files
To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.

- Type in "dir /A name_of_the_folder" (for example, C:\Spyware-
folder), which will display the folder's content even the hidden files.

- To change directory, type in "cd name_of_the_folder".
Once you have the file you're looking for type in del "name_of_the_file".

- To delete a file in folder, type in "del name_of_the_file".

- To delete the entire folder, type in "rmdir /S name_of_the_folder".

- Select the "braviax.exe" process and click on the "End Process" button to kill it.

all so try and download spy bot search and destroy








[ + quote]
A computer once beat me at chess, but it was no match for me at kick boxing.
Minatek61
Newbie
_ 		12. October 2008 @ 12:13 _ Link to this message    Send private message to this user   
Thx alot, worked at it and I think it's gone, though the restarting, I think, was caused by brastk.exe. Got rid of that and I'm back up, still has this warning saying "your computer is infected with spyware" but I'll save that for another day. Thx again.
[ + quote]
cdavfrew
Senior Member
_ 		12. October 2008 @ 23:39 _ Link to this message    Send private message to this user   
Hey Minate61

We can try to clean your computer completely.

Please download Superantispyware Free and install it. Follow the prompts and reboot if required.

Launch Superantispyware Free either by running C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...

Configuring SuperAntispyware

? Click on Preferences.
? In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting everytime, because it may interfere with other fixes that may be run.
? Navigate to the tab Scanning Control.
? Make sure only these boxes are checked: 
Close browsers before scanning

Scan for tracking cookies

Terminate memory threats before quarantining

Scan Alternate Data Streams

Use Kernel Direct File Access (recommended)

Use Kernel Direct Registry Access (recommended)

Use Direct Disk Access (recommended)

? Click on Close.

Updating SuperAntispyware

? At the main window, click on Check for Updates....
? Wait for SuperAntispyware to be fully updated.

Scanning Time

? Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
? Launch SuperAntispyware.
? At the main window, click on Scan your Computer....
? Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
? Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
? Reboot your computer.

Post A Log

? Launch SuperAntispyware
? Click on Preferences
? Navigate to the tab Statistics/Logs.
? Choose the latest scan log, and the click on View Log....
? Copy and paste the contents of the log here in your next post.

Best Regards :D
[ + quote]
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.

Minatek61
Newbie
_ 		13. October 2008 @ 10:42 _ Link to this message    Send private message to this user   
Botted up this monring and brastk.exe is back. I delete them in safe mode with system restore off but something else keeps putting it back.

I got the program, Superantispyware, but it won't open, tried run and clicking on the icon, just a short busy signal, less then a second, and then nothing. Tried altering the name a bit (how I got it to install) and still nothing. Even in safe mode.

Needs help...
[ + quote]
cdavfrew
Senior Member
_ 		14. October 2008 @ 00:52 _ Link to this message    Send private message to this user   
Hey Minatex61

Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.

? Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
? Wait for the scan to be completed.
? If it requires a reboot, please do it.
? After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComoboFix window, as it may cause it to stall.

Best Regards :D
[ + quote]
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.

Minatek61
Newbie
_ 		14. October 2008 @ 16:40 _ Link to this message    Send private message to this user   
Hey, thx alot for advice. Didn't do the ComboFix yet, but it looks like Superantispyware took care of the problem. Restarts and false alerts are gone, as well as braviax and brastk. Should I still go with the Combofix?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2008 at 01:22 PM

Application Version : 4.21.1004

Core Rules Database Version : 3595
Trace Rules Database Version: 1582

Scan type : Complete Scan
Total Scan Time : 02:21:11

Memory items scanned : 402
Memory threats detected : 2
Registry items scanned : 5325
Registry threats detected : 26
File items scanned : 70948
File threats detected : 9

Trojan.Unclassified/Dropper-WinNT32
C:\WINDOWS\SYSTEM32\WINCTRL32.DLL
C:\WINDOWS\SYSTEM32\WINCTRL32.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\BRASTK.EXE
C:\WINDOWS\SYSTEM32\BRASTK.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ brastk.exe ]
C:\WINDOWS\Prefetch\BRASTK.EXE-0B71D44C.pf

Rootkit.Cloaked/Service-GEN
HKLM\system\controlset001\services\ea6049bd
C:\WINDOWS\SYSTEM32\DRIVERS\EA6049BD.SYS
HKLM\system\controlset002\services\ea6049bd

Trojan.DNSChanger-Codec
HKU\s-1-5-21-650978795-568730901-2704639424-1005\Software\uninstall

Rogue.Netcom3/SpyClean
HKLM\SYSTEM\CurrentControlSet\Services\Netcom3
HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#Type
HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#Start
HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Netcom3#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Netcom3\Security
HKLM\SYSTEM\CurrentControlSet\Services\Netcom3\Security#Security

Rogue.AntiSpywareExpert
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#DLLName
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#StartShell
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#Impersonate
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#Asynchronous

Rogue.WinAntiSpyware2008
C:\Documents and Settings\Ken Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntispyware2008.lnk

Trojan.FakeAlert/Desktop
HKU\.DEFAULT\CONTROL PANEL\DESKTOP#WALLPAPER
HKU\.DEFAULT\CONTROL PANEL\DESKTOP#ORIGINALWALLPAPER
HKU\.DEFAULT\CONTROL PANEL\DESKTOP#CONVERTEDWALLPAPER
HKU\S-1-5-18\CONTROL PANEL\DESKTOP#WALLPAPER
HKU\S-1-5-18\CONTROL PANEL\DESKTOP#ORIGINALWALLPAPER
HKU\S-1-5-18\CONTROL PANEL\DESKTOP#CONVERTEDWALLPAPER

Rogue.XP AntiSpyware 2009
HKU\s-1-5-21-650978795-568730901-2704639424-1005\Control Panel\don't load#wscui.cpl [ No ]

Adware.Tracking Cookie
C:\WINDOWS\temp\Cookies\ken bailey@emarketmakers[1].txt
C:\WINDOWS\temp\Cookies\ken bailey@adprofile[1].txt
C:\WINDOWS\temp\Cookies\ken bailey@azjmp[2].txt
C:\WINDOWS\temp\Cookies\ken bailey@optimost[2].txt
[ + quote]
Advertisement
_ 		__
 
_
cdavfrew
Senior Member
_ 		14. October 2008 @ 23:16 _ Link to this message    Send private message to this user   
Hey Minate61

Yes, still do it anyways.

Best Regards :D
[ + quote]
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my computer restarts if connected to network
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork