
·
Registered
Joined
·
25 Posts
Discussion Starter · #1 ·
hello , i just "bought" f.e.a.r and it has some strange lock ups and crashes at random points .. i have 2.8 ghz , 512 mb ram and geforce 7600 gs (256 mb) , and when i tried to use another video card it worked just fine .. now pls what do i need to do to block this annoying bug (by the way i applied all patches on fear) and i have updated my video card .. (91.31) and i tried to disable all on config ms (start up) , can anyone help ? (and its not overheated)

here is a link to my dx diag ..

http://www.speedyshare.com/732189702.html

pls help i am sick of all those lock ups

http://forums.vugames.com/thread.jspa?threadID=41448&tstart=15 (sierra support)
 

·
Retired Trusted Advisor
Joined
·
5,333 Posts
I'm not an expert but this is the first step you need to take: You need to include a log from HijackThis (HJT). Try this link

http://www.majorgeeks.com/download3155.html

Download and Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Once you've posted the log you need to wait for advice from a qualified member as to what to do next. You'll see a gold shield next to their name which shows they are qualified to take you through the next stages. I hope this helps … and good luck!

Richard.

Thanks to Cheeseball81 for this.
 

·
Registered
Joined
·
25 Posts
Discussion Starter · #3 ·
first of all thx very much :)

here is the log file :

Logfile of HijackThis v1.99.1
Scan saved at 10:08:33, on 07/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\WIBUKEY\H2O\CXWibu.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\yoni.YONI-0CB1441AE5\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.76.71.88:80
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [H2OWIBU] C:\Program Files\WIBUKEY\H2O\CXWibu.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS16\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS19\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS37\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS66\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS71\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS73\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS119\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS148\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS152\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS199\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS230\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS231\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS237\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS248\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS274\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS280\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS283\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS284\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS287\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS291\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS292\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS293\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS294\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS296\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS299\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS300\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS302\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS305\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS310\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS312\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS313\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS314\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS316\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS317\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS318\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS322\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS324\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS328\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
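
A triage sketch for a log like the one in this post, added here as an example and not part of the original thread or of HijackThis itself: it parses the `Xn - ...` entry lines, folds the O17 lines that differ only in control set (CCS, CS16, ...) into one entry with a count, and lists the entries to look at first. The function names and the three review rules are assumptions of this example; a listed entry is a prompt for review, not a verdict.

```python
import re
from collections import Counter

# A few lines copied from the HijackThis v1.99.1 log in this post (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.76.71.88:80
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O17 - HKLM\System\CCS\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS16\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS19\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Entry lines look like "O2 - BHO: ..."; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O17 repeats once per control set (CCS, CS16, CS19, ...); only that path part differs.
CONTROL_SET_RE = re.compile(r"(HKLM\\System\\)(?:CCS|CS\d+)(\\)", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) for each entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def collapse_control_sets(entries):
    """Fold entries that differ only in control-set name; return (code, body, count)."""
    counts = Counter()
    order = []
    for code, body in entries:
        key = (code, CONTROL_SET_RE.sub(r"\1<ControlSet>\2", body))
        if key not in counts:
            order.append(key)
        counts[key] += 1
    return [(code, body, counts[(code, body)]) for code, body in order]


def review_reasons(code, body):
    """Example rules (assumptions of this sketch): why a helper would look at an entry."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("registered file is not on disk")
    if "ProxyServer" in body:
        reasons.append("browser proxy is set; confirm the user configured it")
    if code == "O17":
        reasons.append("DNS servers are set explicitly; confirm they belong to the ISP")
    return reasons


def triage(log_text):
    """Return the collapsed entries that match at least one review rule."""
    findings = []
    for code, body, count in collapse_control_sets(parse_entries(log_text)):
        reasons = review_reasons(code, body)
        if reasons:
            findings.append({"code": code, "entry": body, "count": count, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["code"]} x{item["count"]}: {item["entry"]}')
        for reason in item["reasons"]:
            print(f"    review: {reason}")
```
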
 

·
Registered
Joined
·
5,577 Posts
What exactly is the error message when it freezes?

The fact that it occurs at random points, and that it works fine with another video card immediately points to a hardware issue...are you sure that the newer card works fine?
 

·
Registered
Joined
·
25 Posts
Discussion Starter · #6 ·
there is no error message ... it just freezes .. ctrl + alt + del doesn't work, like the whole computer froze...hmm..all my other games work perfect...just fear is freezing and i saw other ppl with the same problem...(sierra released 8 patches but no one is fixing the freezing bug) .. i have the latest patch 1.8

well look i have a friend that has the same card and it freezes for him too but on other cards it works .. so its not a hardware .. its like a collision between something..so its definitely no hardware problem mate.. (i have updated my bios and motherboard too , and all my video drivers updated too)

and i am sure my geforce 7600 gs (256 mb ram) works fine..

and i tried to cancel all start up problems and nothing helped .. :(

pls help ..

p.s - when i play in lan it doesn't get stuck .. but in multiplayer it gets stuck too..
 

·
Registered
Joined
·
25 Posts
Discussion Starter · #8 ·
here are my pc specs (dxdiag)

http://www.speedyshare.com/732189702.html

------------------
System Information
------------------
Time of this report: 1/5/2007, 19:38:02
Machine name: YONI-0CB1441AE5
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 2 (2600.xpsp.050928-1517)
Language: English (Regional Setting: Hebrew)
System Manufacturer: ASUSTeK COMPUTER INC.
System Model: P4U800-X
BIOS: Phoenix - Award BIOS v6.00PG
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz (2 CPUs)
Memory: 512MB RAM
Page File: 258MB used, 1420MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.2180 32bit Unicode

Display Devices
---------------
Card name: NVIDIA GeForce 7600 GS
Manufacturer: NVIDIA
Chip type: GeForce 7600 GS
DAC type: Integrated RAMDAC
Device Key: Enum\PCI\VEN_10DE&DEV_02E1&SUBSYS_82151043&REV_A2
Display Memory: 256.0 MB
Current Mode: 1024 x 768 (32 bit) (60Hz)
Monitor: Plug and Play Monitor
Monitor Max Res: 1600,1200
Driver Name: nv4_disp.dll
Driver Version: 6.14.0010.9131 (English)
DDI Version: 9 (or higher)
Driver Attributes: Final Retail
Driver Date/Size: 6/1/2006 11:22:00, 4529408 bytes
WHQL Logo'd: Yes
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: nv4_mini.sys
Mini VDD Date: 10/22/2006 12:22:00, 3994624 bytes
Device Identifier: {D7B71E3E-41A1-11CF-5850-1FA203C2CB35}
Vendor ID: 0x10DE
Device ID: 0x02E1
SubSys ID: 0x82151043
Revision ID: 0x00A2
Revision ID: 0x00A2
Video Accel: ModeMPEG2_A ModeMPEG2_B ModeMPEG2_C ModeMPEG2_D
 

·
Administrator
Joined
·
123,571 Posts
Is your ISP in Israel?

Please download SmitfraudFix (by S!Ri)

Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 

·
Registered
Joined
·
25 Posts
Discussion Starter · #10 ·
yep my isp is in israel , i am from israel mate ..and thx very much for your help

and here is the report list

SmitFraudFix v2.132

Scan done at 17:50:06.79, Sun 01/07/2007
Run from C:\Documents and Settings\yoni.YONI-0CB1441AE5\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yoni.YONI-0CB1441AE5

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yoni.YONI-0CB1441AE5\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\YONI~1.YON\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
 

·
Administrator
Joined
·
123,571 Posts
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt
 

·
Registered
Joined
·
25 Posts
Discussion Starter · #12 ·
SmitFraudFix v2.132

Scan done at 19:57:23.75, Sun 01/07/2007
Run from C:\Documents and Settings\yoni.YONI-0CB1441AE5\Desktop\f.e.a.r\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 

·
Administrator
Joined
·
123,571 Posts
Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go HERE to run Panda's ActiveScan
  • You need to use IE to run this scan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 

·
Registered
Joined
·
25 Posts
Discussion Starter · #14 ·
ok i uploaded it to speedyshare...the avg report is too long

http://www.speedyshare.com/150679833.html

this is hijack :

Logfile of HijackThis v1.99.1
Scan saved at 20:44:21, on 08/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\WIBUKEY\H2O\CXWibu.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\yoni.YONI-0CB1441AE5\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.76.71.88:80
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [H2OWIBU] C:\Program Files\WIBUKEY\H2O\CXWibu.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

And Panda, I can't do it .. I use Firefox because my IE Explorer isn't working (very old problem), but I use an IE plug-in in it .. this is why I can't download ActiveX, maybe..
 

·
Administrator
Joined
·
123,571 Posts
Download WinPFind.exe to your desktop, double click on it to open it, and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

Start in Safe Mode Using the F8 method:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.

  • Click “Configure scan options”
  • Under “Run AdOns” select the following:
    • Policies.def
    • Security.def
  • Click “apply”
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log.
 

·
Registered
Joined
·
25 Posts
Discussion Starter · #16 ·
OK, it's the WinPFind report:

http://www.speedyshare.com/634199845.html

and it's the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 13:38:34, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\WIBUKEY\H2O\CXWibu.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\yoni.YONI-0CB1441AE5\Desktop\HijackThis.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [H2OWIBU] C:\Program Files\WIBUKEY\H2O\CXWibu.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CS16\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
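
For triaging a HijackThis log like the ones posted in this thread, the Python below parses the entry lines and collapses O17 NameServer entries that repeat once per registry control set. It is an added example, not part of the original posts and not a HijackThis feature; the sample log, its GUID and addresses are constructed, and the mismatch check is a simple heuristic assumed here.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in HijackThis 1.99 layout (GUID and addresses are made up).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.0.2.53 198.51.100.53
O17 - HKLM\System\CS1\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.0.2.53 198.51.100.53
O17 - HKLM\System\CS2\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.0.2.53 198.51.100.53
O17 - HKLM\System\CS3\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.9
O23 - Service: Example Service (ExSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

# Entry lines start with a section code such as R1, O4 or O17, then " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O17 body as it appears in the logs on this page: control set, interface GUID, servers.
O17_DNS = re.compile(
    r"^HKLM\\System\\(CCS|CS\d+)\\Services\\Tcpip\\\.\.\\(\{[0-9A-Fa-f-]{36}\}): "
    r"NameServer = (.+)$")

def parse_entries(log_text):
    """Return (section_code, body) for every entry line; process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def collapse_dns(entries):
    """Group O17 NameServer lines by (interface GUID, server tuple) -> control sets."""
    groups = defaultdict(list)
    for code, body in entries:
        m = O17_DNS.match(body) if code == "O17" else None
        if m:
            control_set, guid, servers = m.groups()
            groups[(guid, tuple(servers.split()))].append(control_set)
    return dict(groups)

def dns_mismatches(groups):
    """Heuristic: interfaces whose control sets disagree on DNS servers."""
    per_guid = defaultdict(set)
    for guid, servers in groups:
        per_guid[guid].add(servers)
    return {g: sorted(s) for g, s in per_guid.items() if len(s) > 1}

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print(Counter(code for code, _ in entries))
    groups = collapse_dns(entries)
    for (guid, servers), sets in groups.items():
        print(guid, " ".join(servers), "in", len(sets), "control set(s)")
    print("mismatches:", dns_mismatches(groups))
```

A mismatch only means the stored DNS servers differ between control sets; whether the addresses belong to the user's ISP still has to be checked by hand.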
 

·
Administrator
Joined
·
123,571 Posts
I don't see anything there.

Go to Start - Run - type in eventvwr.msc and click OK.

Look under "application" and "system" for any recent errors shown in red and double click on them to open them then click on the icon that looks like two pieces of paper to copy them to the clipboard. Paste them here please.
 

·
Registered
Joined
·
25 Posts
Discussion Starter · #20 ·
man, I have thousands of them on system and a couple more hundreds (sorry for my bad English) on application .. copy them all? it will take years, man ..

I have problems on ICQ, Firefox and Battlefield 2 and something called em 3 and i explore

and on system, things like

The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

and

The Nsynas32 service failed to start due to the following error:
The system cannot find the file specified.
 