Sign in to follow this  
Nightmare

PLEASE HEEEEEEELPPP ADWARE AND VIRUSES !!!

Recommended Posts

ok i am from Poland and i have bad english so i scan with panda activescan and i have this report:

 

Adware:adware/e2give cen't recover Windows Registry

Adware:adware/savenow can't recover Windows Registry

 

so i cant delete it ;)

please help me this sucky files freeze my CPU :)

please help me quick :)

sorry for my bad english :)

Share this post


Link to post
Share on other sites
please help me

 

 

1. Download this file - combofix.exe

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

2. Double click on combofix.exe & follow the prompts.

 

Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no)

Y is recommended (if you put N, the tool will exit without fixing and will remove the combofix file and folders)

 

Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.

 

3. When finished, it shall produce a log for you. Post that log in your next reply

 

 

use this tool HJT

www.merijn.org/files/hijackthis.zip

 

unzip it and save on your desktop

run HJT 'do a system scan and save log' post a log here

Share this post


Link to post
Share on other sites

ok i scan >_< this is log:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:36, on 06-12-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Konrad\Pulpit\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza

F2 - REG:system.ini: UserInit=userinit.exe

O3 - Toolbar: Protection Bar - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx

O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.84.224/OCX/gwnet.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4ABCE170-06FB-41BE-8157-190DDDCA9403}: NameServer = 85.255.114.51,85.255.112.8

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.8

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.8

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll

O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Share this post


Link to post
Share on other sites

Hello,Nightmare & Welcome

 

It looks like you did the scan from Safe Mode.?

if so please run the scan in normal mode

then show us a new HijackThis logfile.

 

 

Gogo :)

Share this post


Link to post
Share on other sites
Sign in to follow this