Dec 7 2006, 04:53 PM, Post #1
Member (Group: Members, Posts: 12, Joined: 7-December 06, Member No.: 17,140)
OK, I am from Poland and I have bad English, so I scanned with Panda ActiveScan and I have this report:

Adware:adware/e2give can't recover Windows Registry
Adware:adware/savenow can't recover Windows Registry

So I can't delete it. Please help me, these sucky files freeze my CPU. Please help me quick. Sorry for my bad English.

Dec 7 2006, 05:00 PM, Post #2
Member (Group: Members, Posts: 12, Joined: 7-December 06, Member No.: 17,140)
please help me

Dec 7 2006, 06:13 PM, Post #3
Member (Group: Members, Posts: 12, Joined: 7-December 06, Member No.: 17,140)
please help me

Dec 8 2006, 04:41 AM, Post #4
Advanced Member (Group: Members, Posts: 39, Joined: 18-November 06, Member No.: 15,857)
please help me

1. Download this file - combofix.exe
   http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click on combofix.exe & follow the prompts.
   Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no). Y is recommended (if you put N, the tool will exit without fixing and will remove the combofix file and folders).
   Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Use this tool, HJT: www.merijn.org/files/hijackthis.zip
Unzip it and save it on your desktop. Run HJT, 'do a system scan and save log', and post a log here.

Dec 8 2006, 12:36 PM, Post #5
Member (Group: Members, Posts: 12, Joined: 7-December 06, Member No.: 17,140)
OK, I scanned >_< This is the log:
Logfile of HijackThis v1.99.1
Scan saved at 12:36, on 06-12-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Konrad\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Protection Bar - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.84.224/OCX/gwnet.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ABCE170-06FB-41BE-8157-190DDDCA9403}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.8
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Dec 9 2006, 07:53 PM, Post #6
Advanced Member (Group: Volunteer Security Advisor, Posts: 4,076, Joined: 17-July 06, Member No.: 6,745)
Hello, Nightmare & Welcome

It looks like you did the scan from Safe Mode? If so, please run the scan in normal mode, then show us a new HijackThis logfile.

Gogo
--------------------
Die Hijacker Die
Member of ALLIANCE OF SECURITY ANALYSIS PROFESSIONALS Since 2004
Warning My killer dog at work.