# f.e.a.r pc freeze problem



## extazya (Jan 6, 2007)

Hello, I just "bought" F.E.A.R. and it has some strange lock-ups and crashes at random points. I have 2.8 GHz, 512 MB RAM and a GeForce 7600 GS (256 MB), and when I tried to use another video card it worked just fine. Now pls, what do I need to do to block this annoying bug? (By the way, I applied all patches for F.E.A.R.) I have updated my video card (91.31) and I tried to disable everything in msconfig (startup). Can anyone help? (And it's not overheated.)

here is a link to my dx diag ..

http://www.speedyshare.com/732189702.html

pls help, I'm sick of all those lock-ups

http://forums.vugames.com/thread.jspa?threadID=41448&tstart=15 (sierra support)


----------



## 1002richards (Jan 29, 2006)

I'm not an expert but this is the first step you need to take: You need to include a log from HijackThis (HJT). Try this link

http://www.majorgeeks.com/download3155.html

Download and Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Once you've posted the log you need to wait for advice from a qualified member as to what to do next. You'll see a gold shield next to their name which shows they are qualified to take you through the next stages. I hope this helps … and good luck!

Richard.

Thanks to Cheeseball81 for this.


----------



## extazya (Jan 6, 2007)

first of all thx very much 

here is the log file :

Logfile of HijackThis v1.99.1
Scan saved at 10:08:33, on 07/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\WIBUKEY\H2O\CXWibu.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\yoni.YONI-0CB1441AE5\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.76.71.88:80
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [H2OWIBU] C:\Program Files\WIBUKEY\H2O\CXWibu.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS16\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS19\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS37\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS66\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS71\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS73\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS119\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS148\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS152\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS199\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS230\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS231\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS237\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS248\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS274\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS280\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS283\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS284\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS287\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS291\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS292\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS293\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS294\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS296\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS299\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS300\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS302\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS305\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS310\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS312\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS313\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS314\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS316\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS317\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS318\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS322\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS324\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS328\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
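
An added example, not part of the original thread: a small Python triage of a HijackThis-style log like the one posted above. It counts entries per section code, lists entries the tool marked "(file missing)", and collapses O17 lines that differ only in the control-set key; the sample lines are copied from the log above and all function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.76.71.88:80
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O17 - HKLM\System\CCS\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS16\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
O17 - HKLM\System\CS19\Services\Tcpip\..\{06F1A0D7-924A-4FB9-A7FF-F9B03E99554F}: NameServer = 192.116.202.222 213.8.172.83
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O17 lines repeat once per control set (CCS, CS16, CS19, ...).
CONTROL_SET_RE = re.compile(r"\\System\\(?:CCS|CS\d+)\\")


def parse_entries(log_text):
    """Return (section_code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def count_by_section(entries):
    """How many entries each section code (R1, O2, O17, ...) contributes."""
    return Counter(code for code, _ in entries)


def missing_file_entries(entries):
    """Entries whose target the tool itself reported as '(file missing)'."""
    return [(code, body) for code, body in entries
            if body.endswith("(file missing)")]


def collapse_control_sets(entries):
    """Merge O17 lines that differ only in the control-set key.

    Returns a Counter mapping the normalized line to the number of
    control sets that carried it, so a reviewer reads one line, not dozens.
    """
    collapsed = Counter()
    for code, body in entries:
        if code == "O17":
            # A callable replacement avoids backslash-escape handling in re.sub.
            key = CONTROL_SET_RE.sub(lambda m: "\\System\\<ControlSet>\\", body)
            collapsed[key] += 1
    return collapsed


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("entries per section:", dict(count_by_section(parsed)))
    for code, body in missing_file_entries(parsed):
        print("file missing:", code, body)
    for line, seen in collapse_control_sets(parsed).items():
        print(f"O17 x{seen}: {line}")
```
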


----------



## 1002richards (Jan 29, 2006)

Hi,
I can't take this any further, just await someone with a gold shield next to their name. You'll get great help from them.

Richard


----------



## McTimson (Aug 16, 2002)

What exactly is the error message when it freezes?

The fact that it occurs at random points, and that it works fine with another video card immediately points to a hardware issue...are you sure that the newer card works fine?


----------



## extazya (Jan 6, 2007)

There is no error message... it just freezes. Ctrl + Alt + Del doesn't work, like the whole computer froze... hmm... all my other games work perfectly, just F.E.A.R. is freezing, and I saw other ppl with the same problem (Sierra released 8 patches but none of them fixes the freezing bug). I have the latest patch, 1.8.

Well look, I have a friend who has the same card and it freezes for him too, but on other cards it works, so it's not hardware. It's like a collision between something, so it's definitely not a hardware problem, mate. (I have updated my BIOS and motherboard too, and all my video drivers are updated too.)

And I am sure my GeForce 7600 GS (256 MB RAM) works fine.

And I tried to cancel all startup problems and nothing helped.

pls help..

P.S. When I play on LAN it doesn't get stuck, but in multiplayer it gets stuck too.


----------



## Teck (Jan 1, 2007)

Post that log in the security section.

Tell us all your pc specs.


----------



## extazya (Jan 6, 2007)

here are my pc specs (dxdiag)

http://www.speedyshare.com/732189702.html

------------------
System Information
------------------
Time of this report: 1/5/2007, 19:38:02
Machine name: YONI-0CB1441AE5
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 2 (2600.xpsp.050928-1517)
Language: English (Regional Setting: Hebrew)
System Manufacturer: ASUSTeK COMPUTER INC.
System Model: P4U800-X
BIOS: Phoenix - Award BIOS v6.00PG
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz (2 CPUs)
Memory: 512MB RAM
Page File: 258MB used, 1420MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.2180 32bit Unicode

Display Devices
---------------
Card name: NVIDIA GeForce 7600 GS 
Manufacturer: NVIDIA
Chip type: GeForce 7600 GS
DAC type: Integrated RAMDAC
Device Key: Enum\PCI\VEN_10DE&DEV_02E1&SUBSYS_82151043&REV_A2
Display Memory: 256.0 MB
Current Mode: 1024 x 768 (32 bit) (60Hz)
Monitor: Plug and Play Monitor
Monitor Max Res: 1600,1200
Driver Name: nv4_disp.dll
Driver Version: 6.14.0010.9131 (English)
DDI Version: 9 (or higher)
Driver Attributes: Final Retail
Driver Date/Size: 6/1/2006 11:22:00, 4529408 bytes
WHQL Logo'd: Yes
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: nv4_mini.sys
Mini VDD Date: 10/22/2006 12:22:00, 3994624 bytes
Device Identifier: {D7B71E3E-41A1-11CF-5850-1FA203C2CB35}
Vendor ID: 0x10DE
Device ID: 0x02E1
SubSys ID: 0x82151043
Revision ID: 0x00A2
Revision ID: 0x00A2
Video Accel: ModeMPEG2_A ModeMPEG2_B ModeMPEG2_C ModeMPEG2_D


----------



## Cookiegal (Aug 27, 2003)

Is your ISP in Israel?

Please download *SmitfraudFix* (by *S!Ri*)

Extract (unzip) the content (a folder named *SmitfraudFix*) to your Desktop.

Open the *SmitfraudFix* folder and double-click *smitfraudfix.cmd*
Select option #1 - *Search* by typing *1* and press "*Enter*"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

*Note* : *process.exe* is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.


----------



## extazya (Jan 6, 2007)

Yep, my ISP is in Israel, I am from Israel, mate, and thx very much for your help.

and here is the report list

SmitFraudFix v2.132

Scan done at 17:50:06.79, Sun 01/07/2007
Run from C:\Documents and Settings\yoni.YONI-0CB1441AE5\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yoni.YONI-0CB1441AE5

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yoni.YONI-0CB1441AE5\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\YONI~1.YON\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End


----------



## Cookiegal (Aug 27, 2003)

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in *Safe Mode* by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the *SmitfraudFix* folder again and double-click *smitfraudfix.cmd*
Select option #2 - *Clean* by typing *2* and press "*Enter*" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing *Y* and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if *wininet.dll* is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing *Y* and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

The report can also be found at the root of the system drive, usually at *C:\rapport.txt*


----------



## extazya (Jan 6, 2007)

SmitFraudFix v2.132

Scan done at 19:57:23.75, Sun 01/07/2007
Run from C:\Documents and Settings\yoni.YONI-0CB1441AE5\Desktop\f.e.a.r\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End


----------



## Cookiegal (Aug 27, 2003)

Download *AVG Anti-Spyware* from *HERE* and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "*Update*" then select the "*Update now*" link.
Next select the "*Start Update*" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "*Scanner*" icon at the top of the screen, then select the "*Settings*" tab.
Once in the Settings screen click on "*Recommended actions*" and then select "*Quarantine*".
Under "*Reports*"
Select "*Automatically generate report after every scan*"
Un-Select "*Only if threats were found*"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight *Safe Mode* then hit enter.

*IMPORTANT:* Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

Launch AVG Anti-Spyware by double clicking the icon on your desktop.
Select the "*Scanner*" icon at the top and then the "*Scan*" tab then click on "*Complete System Scan*".
AVG will now begin the scanning process. Please be patient as this may take a little time.
*Once the scan is complete, do the following:*
If you have any infections you will be prompted. Then select "*Apply all actions.*"
Next select the "*Reports*" icon at the top.
Select the "*Save report as*" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file; this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go *HERE* to run Panda's ActiveScan
You need to use IE to run this scan
Once you are on the Panda site click the *Scan your PC* button
A new window will open...click the *Check Now* button
Enter your *Country*
Enter your *State/Province*
Enter your *e-mail address* and click *send*
Select either *Home User* or *Company*
Click the big *Scan Now* button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on *My Computer* to start the scan
When the scan completes, if anything malicious is detected, click the *See Report* button, *then Save Report* and save it to a convenient location. Post the contents of the ActiveScan report

*Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.*


----------



## extazya (Jan 6, 2007)

OK, I uploaded it to speedyshare... the AVG report is too long.

http://www.speedyshare.com/150679833.html

this is hijack :

Logfile of HijackThis v1.99.1
Scan saved at 20:44:21, on 08/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\WIBUKEY\H2O\CXWibu.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\yoni.YONI-0CB1441AE5\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.76.71.88:80
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [H2OWIBU] C:\Program Files\WIBUKEY\H2O\CXWibu.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

and panda i can't do it .. i use firefox because my ie explorer is not working (very old problem) but i use ie plug in it .. this is why i can't download active x maybe..


----------



## Cookiegal (Aug 27, 2003)

Download *WinPFind.exe* to your desktop and double click on it to open it, then select extract to extract the files. This will create a folder named *WinPFind* on your desktop.

*Start in Safe Mode Using the F8 method:*


Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until the boot menu appears.
Use the arrow keys to select the *Safe Mode* menu item.
Press the *Enter* key.

Double click on the WinPFind folder on your desktop to open it and then double click on the *WinPFind.exe* file to start the program.


Click Configure scan options
Under Run AdOns select the following:
Policies.def
Security.def

Click apply
Click "*Start Scan*"
*It will scan the entire System, so please be patient and let it complete.*

When the scan is complete reboot normally and post the *WinPFind.txt* file (located in the WinPFind folder) back here along with a new HijackThis log.


----------



## extazya (Jan 6, 2007)

ok it's the winpfind report :

http://www.speedyshare.com/634199845.html

and it's the hijack report :

Logfile of HijackThis v1.99.1
Scan saved at 13:38:34, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\WIBUKEY\H2O\CXWibu.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\yoni.YONI-0CB1441AE5\Desktop\HijackThis.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [H2OWIBU] C:\Program Files\WIBUKEY\H2O\CXWibu.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


----------



## Cookiegal (Aug 27, 2003)

I can't access that one. Please upload it here as an attachment.


----------



## extazya (Jan 6, 2007)

here

it's attached


----------



## Cookiegal (Aug 27, 2003)

I don't see anything there.

Go to *Start* - *Run* - type in *eventvwr.msc* and click OK.

Look under "application" and "system" for any recent errors shown in red and double click on them to open them then click on the icon that looks like two pieces of paper to copy them to the clipboard. Paste them here please.


----------



## extazya (Jan 6, 2007)

man i have thousands of them on system and a couple more hundreds (sorry for my bad english) on application .. copy them all ? it will take years man ..

i have problems on icq , fire fox and battle field 2 and something called em 3 and i explore

and on system thing like

The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

and 

The Nsynas32 service failed to start due to the following error: 
The system cannot find the file specified.


----------



## Cookiegal (Aug 27, 2003)

Be reasonable. Pick a few of the most recent ones that look like they may apply and paste them here. We need to see the entire message.


----------



## Spandexer (Dec 1, 2004)

Sorry for interrupting, but I have to say the two of you playing 'tug o war' here is funny as all get out.


----------



## extazya (Jan 6, 2007)

ok here is under applications :

Faulting application firefox.exe, version 1.8.20061.20612, faulting module npswf32.dll, version 9.0.28.0, fault address 0x0008f289.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and i got this :

Faulting application winamp.exe, version 5.3.2.1003, faulting module imon.dll, version 2.50.41.0, fault address 0x0000b1eb.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and this :

Faulting application icqlite.exe, version 20.52.2573.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and this :

Faulting application bf2142.exe, version 0.0.0.0, faulting module renddx9.dll, version 0.0.0.0, fault address 0x001c626c.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

it's my recent ones (it's even before i installed f.e.a.r)

and it's an old lag i fixed about hitman game :

Faulting application hitmanbloodmoney.exe, version 0.0.0.0, faulting module hitmanbloodmoney.exe, version 0.0.0.0, fault address 0x0005ff0b.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and here its under the system :

The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and this

The Nsynas32 service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and this

The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and this :

The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'Sweeper.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

it's my recent ones since january the 1st.

and thx again for your help , waiting for further instructions !

and spandexer ! it's not funny


----------



## Cookiegal (Aug 27, 2003)

I need you to open them up (as per my previous instructions) and copy their entire contents here please.


----------



## extazya (Jan 6, 2007)

ok under applications :

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 12/01/2007
Time: 11:15:43
User: N/A
Computer:	YONI-0CB1441AE5
Description:
Faulting application firefox.exe, version 1.8.20061.20612, faulting module npswf32.dll, version 9.0.28.0, fault address 0x0008f289.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 28/12/2006
Time: 14:33:07
User: N/A
Computer:	YONI-0CB1441AE5
Description:
Faulting application winamp.exe, version 5.3.2.1003, faulting module imon.dll, version 2.50.41.0, fault address 0x0000b1eb.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Windows Live Messenger
Event Category:	None
Event ID:	1000
Date: 14/12/2006
Time: 14:57:48
User: N/A
Computer:	YONI-0CB1441AE5
Description:
The description for Event ID ( 1000 ) in Source ( Windows Live Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 8.0.812.0, 44cc1896, ntdll.dll, 5.1.2600.2180, 411096b4, 0, 00018fea.

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 07/12/2006
Time: 16:30:21
User: N/A
Computer:	YONI-0CB1441AE5
Description:
Faulting application bf2142.exe, version 0.0.0.0, faulting module renddx9.dll, version 0.0.0.0, fault address 0x001c626c.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## extazya (Jan 6, 2007)

under system :

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 13/01/2007
Time: 11:27:45
User: N/A
Computer:	YONI-0CB1441AE5
Description:
The Nsynas32 service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7028
Date: 12/01/2007
Time: 13:25:29
User: N/A
Computer:	YONI-0CB1441AE5
Description:
The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7028
Date: 12/01/2007
Time: 10:02:23
User: N/A
Computer:	YONI-0CB1441AE5
Description:
The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	ipnathlp
Event Category:	None
Event ID:	32003
Date: 10/01/2007
Time: 14:46:37
User: N/A
Computer:	YONI-0CB1441AE5
Description:
The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1f 00 00 00 ....

Event Type:	Error
Event Source:	Dhcp
Event Category:	None
Event ID:	1002
Date: 10/01/2007
Time: 14:46:37
User: N/A
Computer:	YONI-0CB1441AE5
Description:
The IP address lease 192.168.100.4 for the Network Card with network address 009064D62622 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	sr
Event Category:	None
Event ID:	1
Date: 09/01/2007
Time: 13:49:20
User: N/A
Computer:	YONI-0CB1441AE5
Description:
The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'Sweeper.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------
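An added example, not written by anyone in this thread: pasted Event Viewer records in the layout above can be parsed and grouped so that a long error list collapses into a few distinct signatures, and Event ID 1000 crashes can be compared by faulting module in both the formatted and the "description cannot be found" form. The sample records, `EXAMPLE-PC`, `ExampleSvc`, `ExampleIM` and the application names are constructed, and dates are assumed to be dd/mm/yyyy as in the pastes.

```python
import re
from collections import defaultdict
from datetime import datetime

FIELD = re.compile(r"^(Event Type|Event Source|Event Category|Event ID|"
                   r"Date|Time|User|Computer):\s*(.*)$")
# Event ID 1000 appears as a formatted sentence or as bare insertion strings.
FAULT = re.compile(r"Faulting application ([^,]+), version [^,]+, "
                   r"faulting module ([^,]+),", re.I)
RAW = re.compile(r"part of the event:\s*([^,]+), [^,]+, [^,]+, ([^,]+),", re.I)
HELP = "For more information, see Help and Support Center"


def parse_events(text):
    """Split pasted Event Viewer text into records, ignoring forum chatter."""
    events, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Event Type:"):
            cur, section = {"Description": []}, "header"
            events.append(cur)
        if cur is None:
            continue
        if line == "Description:":
            section = "desc"
        elif line == "Data:":
            section = "data"      # hex dump of the same strings, skipped
        elif line.startswith(HELP):
            section = None        # the record's own text ends here
        elif section == "header":
            m = FIELD.match(line)
            if m:
                cur[m.group(1)] = m.group(2).strip()
        elif section == "desc" and line:
            cur["Description"].append(line)
    return events


def fault_pair(ev):
    """Return (application, module) for an Event ID 1000 crash, else None."""
    if ev.get("Event ID") != "1000":
        return None
    desc = " ".join(ev["Description"])
    m = FAULT.search(desc) or RAW.search(desc)
    return (m.group(1).lower(), m.group(2).lower()) if m else None


def summarise(events):
    """One row per distinct error: (signature, count, most recent time)."""
    seen = defaultdict(list)
    for ev in events:
        pair = fault_pair(ev)
        detail = "%s in %s" % pair if pair else (ev["Description"] or [""])[0]
        sig = (ev.get("Event Source", "?"), ev.get("Event ID", "?"), detail)
        # Assumption: dd/mm/yyyy dates; other locales need another format.
        when = ev["Date"] + " " + ev["Time"]
        seen[sig].append(datetime.strptime(when, "%d/%m/%Y %H:%M:%S"))
    rows = [(sig, len(ts), max(ts)) for sig, ts in seen.items()]
    return sorted(rows, key=lambda r: (r[1], r[2]), reverse=True)


def crash_spread(events):
    """Map each faulting module to the applications that crashed in it."""
    spread = defaultdict(set)
    for pair in filter(None, map(fault_pair, events)):
        spread[pair[1]].add(pair[0])
    return {mod: sorted(apps) for mod, apps in spread.items()}


def _record(source, event_id, date, time, description, data=""):
    """Build one constructed record in the clipboard layout seen in the thread."""
    return (f"Event Type:\tError\nEvent Source:\t{source}\nEvent Category:\tNone\n"
            f"Event ID:\t{event_id}\nDate: {date}\nTime: {time}\nUser: N/A\n"
            f"Computer:\tEXAMPLE-PC\nDescription:\n{description}\n\n"
            f"{HELP} at http://go.microsoft.com/fwlink/events.asp.\n{data}\n")


# Constructed sample: every name and value below is made up for the example.
SVC = ("The ExampleSvc service failed to start due to the following error:\n"
       "The system cannot find the file specified.")
SAMPLE = "".join([
    _record("Service Control Manager", 7000, "17/01/2007", "14:34:41", SVC),
    _record("Service Control Manager", 7000, "13/01/2007", "11:27:45", SVC),
    _record("Application Error", 1000, "12/01/2007", "11:15:43",
            "Faulting application game.exe, version 1.0.0.0, faulting module "
            "render.dll, version 1.0.0.0, fault address 0x00001000.",
            data="Data:\n0000: 41 70 70 6c 69 63 61 74 Applicat\n"),
    _record("ExampleIM", 1000, "14/12/2006", "14:57:48",
            "Description for Event ID ( 1000 ) cannot be found. The following is part "
            "of the event: chat.exe, 1.0.0.0, 00000001, ntdll.dll, 1.0.0.0, 00000002, 0."),
    _record("Application Error", 1000, "07/12/2006", "16:30:21",
            "Faulting application player.exe, version 1.0.0.0, faulting module "
            "ntdll.dll, version 1.0.0.0, fault address 0x00002000."),
]) + "those are the recent ones\n"

if __name__ == "__main__":
    for (source, eid, detail), count, latest in summarise(parse_events(SAMPLE)):
        print(f"{count}x  last {latest:%d/%m/%Y %H:%M}  {source} [{eid}]  {detail}")
    print(crash_spread(parse_events(SAMPLE)))
```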



## Cookiegal (Aug 27, 2003)

Do you have administrator privileges?


----------



## extazya (Jan 6, 2007)

yep i am the computer administrator


----------



## Cookiegal (Aug 27, 2003)

Download *ComboFix* to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in *Safe Mode*.

Double click *combofix.exe* and follow the prompts.
When finished, it will produce a log for you. Post that log and a new *HijackThis* log in your next reply.
*Note: Do not mouseclick combofix's window while it's running as that may cause it to stall.*


----------



## extazya (Jan 6, 2007)

i did what you say , it said i have a system corrupt and it will try to fix it .. and in the bottom they are saying , type any key to exit and reboot and go to combofix again well i did it again in safe mode and all .. and amm don't know , hope it helped , by the way in safe mode i have 2 accounts .. administrator and my account (i hope it's normal) and hijack log is attached.

thx


----------



## Cookiegal (Aug 27, 2003)

Go to Start - Run - type in eventvwr.msc and click OK.

Look under "system" and see if there are any errors in red that are recent. If so, double click on it to open it up. Then click on the icon on the right-hand side that looks like two pieces of paper. Doing that copies the entire error message to the clipboard. Then paste them here please.


----------



## extazya (Jan 6, 2007)

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 17/01/2007
Time: 14:34:41
User: N/A
Computer:	YONI-0CB1441AE5
Description:
The Nsynas32 service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7028
Date: 15/01/2007
Time: 11:53:59
User: N/A
Computer:	YONI-0CB1441AE5
Description:
The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

those 2 are from the last 3 days .. hope it helped


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Run* - type in *devmgmt.msc* and click OK. Tell me if you see any yellow exclamation marks beside any of the devices listed there.


----------



## extazya (Jan 6, 2007)

nope , no yellow question marks or hardware problems..


----------



## Cookiegal (Aug 27, 2003)

In your first post you said "i just "bought" f.e.a.r". Why did you put "bought" in quotation marks?


----------



## extazya (Jan 6, 2007)

don't really know , my bad ..


----------



## Cookiegal (Aug 27, 2003)

You did mention early on that with another video card it worked fine, right?


----------



## extazya (Jan 6, 2007)

well not exactly , i have a friend with the same pc , that the game worked for him with another video card but when he bought a card like mine it started to get stuck , but there are a million reports of other cards getting stuck too , ati , nvidia , almost all for some users ..


----------



## Cookiegal (Aug 27, 2003)

Do you have administrator privileges? One of those errors indicates a permissions problem.


----------



## extazya (Jan 6, 2007)

hmm , my account is set as administrator (only i use my computer) , but i have an old account i can't erase and it takes 70gb + of my disc space , because i once installed my windows without doing a format so now when i try to access my old account which i can't because they say access and i can't delete all the stuff .. so copying the windows was a mistake.


----------



## Cookiegal (Aug 27, 2003)

That could be a factor, I really don't know. As this is out of my realm of malware now, I'm out of options. Hopefully someone else will have some suggestions.

I would recommend getting rid of the double installation or reformatting and starting fresh.


----------



## extazya (Jan 6, 2007)

ok , thx very much for your help


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------



## displav. (Jan 30, 2007)

Hey that was a looong try to fix the problem!!

But it seems that i got just the same thing!

I installed F.E.A.R., which I just bought tonight, and when I try to run the game everything just freezes!!
Just like that guys!

1st thought it was something with the DirectX, which my Kaspersky didn't allow to run, but I installed it manually!!

Anyway I uninstalled and installed the game again 2 more times but the problem is still there...!!

Don't know if it's a problem of the graphics card but I need help

I'm trying to download now the 1.8 patch and hopefully make the game start!!

That's the reason I bought it so that I CAN PLAY IT!!!!


So if you plz could help me start this thing I'd be sooo glad!!!

I hope that I don't have to do all those steps that the other guy did cause that's toooo much for just playing a stupid game!!

so I'm waiting for any help!!

Thanx!!!


ah and my PC is a Sony VAIO VGN-FE21B

Cheers


----------



## GripS (Apr 30, 2005)

You know there is the possibility that neither one of your systems is 'stable'. FEAR is quite the demanding game. Sometimes it takes a game that is a resource hog to uncover instabilities in hardware. Heat is not the only factor here.

For both of you having the issue: test your RAM with memtest86 (or memtest for Windows). Try running the stress test in prime95 (freeware). Let it run for a couple of hours at least. You should get no errors from either test. Finally try running 3dmark05 or 3dmark06. You should be able to run those to completion without lockups. The CPU tests in both of those benchmarks run VERY slow even on high end systems so be patient.

If you can run memtest, prime95 and the 3dmarks without issue then it's likely a software issue. If not then we are looking at improperly configured or defective hardware.


----------



## SomeoneUKno (Dec 31, 2004)

Not that -- I'm having the same issues over here, and this computer has been able to run literally any game or program I've thrown at it. Should be able to also with its specs.


----------



## jcrayon (Apr 23, 2007)

A few weeks ago I installed a WinFast 7600 GT TDH 256MB video card and started having similar lockup issues as have been reported here, but with Guild Wars.

Last night I installed FEAR and am experiencing lockups / freeze / hang that are EXACTLY the same.

The occurrence exhibits itself as normal gameplay, followed by a complete system lock. On my system, with a Syncmaster 204B LCD monitor, the freeze occurs and the screen goes black. I need to hold the power button down on my PC and completely kill power before I can restart.

There are no event log entries to suggest any problems immediately prior to the freeze, and this is consistent behaviour in both games.

The Guild Wars solution: I was trying to play at 1600x1200 with fsaa and 4xwhatevers. I just cranked the resolution back a couple of levels and turned off the anti-aliasing, left all other settings at high, and haven't had a problem since. It still looks sweet.

I am just starting to try pulling the FEAR settings back, and will report here.

Cheers,
John Crayon


----------



## jcrayon (Apr 23, 2007)

OK, Well some success. Pulled back all the graphics settings to minimums, set 1024x768, and forced DX8 shaders (it's one of the FEAR advanced graphics options) and it just runs fine.

There is definitely some sort of driver issue.

Leaving settings low, I then upped the res to 1600x1200 and didn't get 30 secs into the game before it froze.

Perhaps it's a combination of things, but as usual for this sort of troubleshooting, start with low settings and work upwards.

Has anyone had any success using older drivers? I am currently using Forceware 93.71, however I have read reviews where they do a FEAR test at 1600x1200 with 4x and 8x Anisotropic filtering, but they were using v84.17.

I am reluctant to uninstall and reinstall with older drivers if I don't have to. Plays havoc with icon layout.

Hope this helps someone.

Cheers,
JC


----------

