Sign in to follow this  


Recommended Posts

ok i am from Poland and i have bad english so i scan with panda activescan and i have this report:


Adware:adware/e2give cen't recover Windows Registry

Adware:adware/savenow can't recover Windows Registry


so i cant delete it ;)

please help me this sucky files freeze my CPU :)

please help me quick :)

sorry for my bad english :)

Share this post

Link to post
Share on other sites
please help me



1. Download this file - combofix.exe


2. Double click on combofix.exe & follow the prompts.


Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no)

Y is recommended (if you put N, the tool will exit without fixing and will remove the combofix file and folders)


Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.


3. When finished, it shall produce a log for you. Post that log in your next reply



use this tool HJT


unzip it and save on your desktop

run HJT 'do a system scan and save log' post a log here

Share this post

Link to post
Share on other sites

ok i scan >_< this is log:


Logfile of HijackThis v1.99.1

Scan saved at 12:36, on 06-12-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:














C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Konrad\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza

F2 - REG:system.ini: UserInit=userinit.exe

O3 - Toolbar: Protection Bar - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) -

O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) -

O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) -

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) -

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) -

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{4ABCE170-06FB-41BE-8157-190DDDCA9403}: NameServer =,

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll

O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Share this post

Link to post
Share on other sites

Hello,Nightmare & Welcome


It looks like you did the scan from Safe Mode.?

if so please run the scan in normal mode

then show us a new HijackThis logfile.



Gogo :)

Share this post

Link to post
Share on other sites
Sign in to follow this