Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Winavx.exe

Started by Coldplayer , Aug 29 2007 02:23 AM

  • Please log in to reply

#1
Coldplayer
Posted 29 August 2007 - 02:23 AM

Coldplayer

    New Member

  • Member
  • Pip
  • 8 posts
I just got infected with this virus....Its winavx.exe and now i cant see taskmgr control panel and my system restore is screwed....please help
  • 0

Advertisements

#2
Coldplayer
Posted 29 August 2007 - 05:33 AM

Coldplayer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
also system properties is screwed
  • 0

#3
Coldplayer
Posted 29 August 2007 - 06:18 AM

Coldplayer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:17:55 PM, on 29/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\Software3\AvastAntivirus\ashServ.exe
F:\SOFTWA~3\AvastAntivirus\ashDisp.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Bardia\LOCALS~1\Temp\{63496817-69D6-4D85-8153-3E4480A319D2}\Blaero Start Orb 2.0.exe
F:\Software3\AvastAntivirus\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
F:\Software3\Opera\Opera.exe
C:\DOCUME~1\Bardia\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SOFTWA~3\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [avast!] F:\SOFTWA~3\AvastAntivirus\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [Style Change Application] C:\Program Files\Styler\Styler.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Blaero Start Orb 2.0] F:\Computer Optimization\StartOrb\Blaero Start Orb 2.0.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Add to &LinkFox - res://F:\SOFTWA~3\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher...menu_ie_exclude
O8 - Extra context menu item: Download All Links with IDM - F:\Software3\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - F:\Software3\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - F:\Software3\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Software\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher...=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Software\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Software\Java\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Software\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Software\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Software\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SOFTWA~3\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SOFTWA~3\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{639F4B80-88C7-438F-946B-26407BDF9D93}: NameServer = 203.2.75.132 198.142.0.51
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Software\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1235.0517.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1235.0517.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WBSrv - J:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Software3\AvastAntivirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Software3\AvastAntivirus\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - F:\Software3\AvastAntivirus\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - F:\Software3\VNC4\WinVNC4.exe" -service (file missing)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP