
Snail Comp, Svchost


24 replies to this topic

#1 Istra


Posted 31 March 2008 - 10:33 PM

Hello
I need help. I have read several topics here, most of the problems sound familiar, but...
I have an old Gericom, with little memory. I bought it when I started studying. Last year I gave it to service to reinstall Windows and I think that boy there might have enabled too many services.
I use this comp in various places so I have configured 4 internet connections.
10 days ago I upgraded BitDefender and a friend talked me into getting a version I am not familiar with. The problems I had before blossomed because BD tries to stop me from doing everything. I have yet to learn to configure it.
Problem description:
- sometimes my comp gets very slow. BitDefender shows no activity in file or net zone, and I have no idea what's up
- right click doesn't show "Save target as.."; a friend had to download the necessary files for me
- startup is very slow, reboot takes 12 minutes, hibernate is much faster
- on startup and reboot I get a notice that "svchost.exe has encountered some problems and needs to be stopped"
- when I start Task Manager I see 8 processes run by svchost, and I haven't started it (svchost)
- I noticed that there were two or more internet connections running at the same time, and only one was shown in the tray, so I disabled everything except the connection I'm currently using. I have to switch them.
- processor is often at 100 %
- occasionally everything disappears from my desktop, besides the wallpaper and the window I am working in, usually when I try to start something else
- right now I have icons but no wallpaper, that hasn't ever happened before
Actions taken:
- followed the Preparation Guide
- Adaware eliminated 7 cookies,
- Spybot found ErrorNukker, eliminated it
- BD Malware found a registry entry key, but did not delete it. I could not find it when I looked
- scanned two times with BD Internet, nothing

Things now are a bit better, but it is not as it used to be.

I have a new hijack list:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:43, on 1.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\spider.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Search with &Google - C:\Documents and Settings\Owner\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.download.com
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168978261710
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168978239408
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8656 bytes

I would really appreciate some help. I am a student and I'd like to keep this comp for a couple of months till I graduate. It's very odd to work on another one.
Your pages have been very informative for me, but I am not "computer friendly" and English is my second language. I don't want to do more harm than improvement if I have to do it all by myself, so if there's any kind soul...
Thanks, waiting...
Istra :thumbsup:
Sometimes I think I understand everything... then I regain consciousness.



#2 katana


Posted 12 April 2008 - 05:27 AM

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help, please can you give an update on your problems.

There is nothing dramatic showing in your HJT log, so let's get a bit more info.
It is common to have multiple Svchost running, and it starts automatically.


Deckard's System Scanner (DSS)

Please download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.

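The observation in the reply above, that several svchost.exe instances are normal, can be checked mechanically against a posted HijackThis log by counting the instances and confirming that each one runs from the System32 directory. The following Python is an added example, not part of the thread and not code from HijackThis or DSS; the function names and the shortened sample excerpt are constructed for illustration, and the default system root `C:\WINDOWS` is taken from the log in post #1.

```python
import ntpath
import re

# Constructed sample: a shortened excerpt in the HijackThis v2.0.2 layout,
# built from the kinds of lines that appear in the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# Constructed failure case (not from the thread): the same excerpt with one
# extra svchost.exe running from outside System32.
CONSTRUCTED_BAD = SAMPLE_LOG.replace(
    "C:\\WINDOWS\\Explorer.EXE\n",
    "C:\\WINDOWS\\Explorer.EXE\nC:\\WINDOWS\\svchost.exe\n",
)

# HijackThis entry lines start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and coded entries.

    Lines that a forum editor wrapped in the middle of an entry are not
    rejoined here; they are simply ignored.
    """
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first coded entry ends the process list
            entries.append((match.group("code"), match.group("body")))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def svchost_report(processes, system_root=r"C:\WINDOWS"):
    """Count svchost.exe instances and list any not located in System32."""
    expected = ntpath.normcase(ntpath.join(system_root, "System32"))
    hits = [p for p in processes
            if ntpath.basename(p).lower() == "svchost.exe"]
    misplaced = [p for p in hits
                 if ntpath.normcase(ntpath.dirname(p)) != expected]
    return {"count": len(hits), "misplaced": misplaced}


def annotated_entries(entries):
    """Return entries that HijackThis itself annotated, for manual review.

    Only the two annotations visible in this thread's log are recognised.
    An annotation is a prompt to look closer, not a verdict.
    """
    flagged = []
    for code, body in entries:
        if body.endswith("(no file)"):
            flagged.append((code, "target file missing", body))
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            flagged.append((code, "unrecognised Winsock LSP file", body))
    return flagged


if __name__ == "__main__":
    for label, log in (("sample", SAMPLE_LOG), ("constructed bad", CONSTRUCTED_BAD)):
        procs, entries = parse_hjt(log)
        print(label, svchost_report(procs))
        for code, reason, body in annotated_entries(entries):
            print("  review", code, "-", reason, "-", body)
```

A high svchost count on its own is not a finding; the path check is what separates the normal case from a process that merely borrows the name.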

#3 Istra


Posted 12 April 2008 - 07:54 AM

Hi, Katana :thumbsup:
I'm so sorry I've missed you. I hope you can be here again today.
I'll post DSS in a couple of minutes.
Those creeps are so nasty I won't be happy 'till we nail them all.
Thanks for the help. Be back soon
Istra
BTW, we're in the same time zone, this is very convenient.

#4 katana


Posted 12 April 2008 - 08:14 AM

Hi Istra,

I will be mooching about most of the time, so don't worry I'll see your posts :thumbsup:

#5 Istra


Posted 12 April 2008 - 10:02 AM

Hi, I'm back

First, what I've been doing while I waited for a reply on my topic:

1. Hung on BC, reading topics and tutorials. I've learned about malware more than I ever wanted, and now I'm really furious. :blink:

2. Went through \windows and \system32, checked if everything is signed by a known SW company, and deleted everything that I did not know how it got on my computer.

3. Now I have a warning at startup that svchost has performed something illegal and has to be stopped, and I have to run it again. I didn't and saw that I used to have 9 svchost processes running, and now there are only 8.

3a. BitDef's firewall lists processes rapimgr.exe and wcesmgr.exe in C:\Program Files\Microsoft ActiveSync\. When I tried to block them, it said that it's an invalid directory, deleting them creates first any process and deleting any creates a system process, both in .\system folder. Now I have 7 systems and I don't touch them any more. :thumbsup:

4. I updated and ran antimalware SWs every day, staying off-line mostly. Programs were damaged several times, and I had to reinstall them. :wacko:

5. I ran DSS this morning, and it found sites I never opened. Here's the list:
127.0.0.1 .archivioadulti.com
127.0.0.1 .internet-explorer.name
127.0.0.1 .katasearch.com
127.0.0.1 .preferiti-windows.com
127.0.0.1 .qoogler.com
127.0.0.1 .tuttoavolonta.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com

I blocked them in BitDefender's parental control, so they are not listed in the new DSS log.

6. Yesterday AdAware found:
Infections Found
===========================
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000190 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat

www.googleadservices.com Conversion /pagead/conversion/1072506049/

7. On today's DSS scan the file extra.txt was not created, and I'll post the one created this morning.

8. I suspect that my computer has been used as a server in some network, because my provider is T-Com Croatia Internet network, at IP 195.29.150.5, and my DSL Connection says my IP is 192.168.1.4. at gateway 192.168.1.1. I'll check it with my provider.

9. I also tried to identify some IPs from the BitDef firewall log, got their provider, but I still don't know if I went to these sites, and they won't tell which sites they are because the IP address is private and confidential.

10. I'm getting a lot of spam. I blocked these addresses in Outlook Express, but they change all the time. I suspect that they are stolen, and maybe some poor souls out there are getting mails from me pushing some enlargement products... I haven't opened my mail from Sunday.


----------------to be continued------------

#6 katana


Posted 12 April 2008 - 10:09 AM

STOP !!!!!!

Stop everything you are doing, and go and get a cup of coffee or tea,

I will explain shortly.

#7 Istra


Posted 12 April 2008 - 10:21 AM

---------continued----------

OK, now fresh reports:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-12 15:33:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 240 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:33, on 12.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/ind...n=posts&result_type=topics&highlite=%2B
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Search with &Google - C:\Documents and Settings\Owner\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.bleepingcomputer.com
O15 - Trusted Zone: http://www.crucial.com
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://*.windowsupdate.con
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168978261710
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168978239408
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8250 bytes

-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

2008-04-10 03:29:04 0 d-------- C:\Program Files\Lavasoft
2008-04-06 21:37:27 0 d-------- C:\Program Files\autoruns
2008-04-06 14:39:51 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-04-05 01:49:12 0 d-------- C:\WINDOWS\Sun
2008-04-01 03:01:59 0 d-------- C:\getservice
2008-03-30 20:44:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 00:41:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-26 01:14:23 0 d-------- C:\Program Files\Trend Micro
2008-03-20 22:21:51 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-03-20 22:12:36 8388608 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-03-20 21:29:55 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-03-20 18:50:43 0 d-------- C:\WINDOWS\pss
2008-03-18 19:34:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Bitdefender
2008-03-18 19:31:40 0 d-------- C:\Program Files\BitDefender
2008-03-18 19:31:40 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-18 19:28:28 0 d-------- C:\Program Files\Common Files\BitDefender


-- Find3M Report ---------------------------------------------------------------

2008-04-11 18:18:49 0 d-------- C:\Program Files\TuneUp Utilities 2006
2008-04-11 18:13:10 0 d-------- C:\Program Files\Insight Calendar
2008-04-10 03:23:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-19 00:05:19 0 d-------- C:\Program Files\Common Files
2008-03-18 17:25:26 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-16 20:38:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 02:11]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [25.01.2002 03:30]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09.10.2007 15:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [16.02.2008 17:45]
"Cmaudio"="cmicnfg.cpl" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [26.12.2007 18:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 11:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [15.5.2003 2:19:50]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 22:05:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"MaxRecentDocs"=11 (0xb)
"GreyMSIAds"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UxTuneUp"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"scan"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"NwSapAgent"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=2 (0x2)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"Irmon"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=2 (0x2)
"helpsvc"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"cisvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-04-12 15:42:28 ------------


And extra.txt was created this morning, there's no new one.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 80%
Physical Memory (total/avail): 239.48 MiB / 46.89 MiB
Pagefile Memory (total/avail): 707.54 MiB / 230.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1943.28 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 18.62 GiB total, 6.45 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NENA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\NENA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=NENA
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Astro123 --> C:\WINDOWS\ST5UNST.EXE -n "c:\Documents and Settings\Owner\Desktop\Nena\razno\astrolab\ST5UNST.LOG"
BDAspy (remove only) --> C:\Program Files\Softwin\BDAspy\Uninstall.exe
BitDefender Internet Security 2008 --> MsiExec.exe /I{BF7D87C5-CFC3-40C5-A367-24586EEBB8CA}
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
eBook SWITCHWORDS --> C:\WINDOWS\dbrmdwb.bat SWITCHWORDS
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IChing Diviner 2.1 --> C:\IChing Diviner2.1\Uninstal.exe
Insight Calendar --> "C:\Program Files\Insight Calendar\unins000.exe"
Jagannatha Hora --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Jyotisha\Jagannatha Hora\Uninst.isu"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Nero 7 Premium --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
SiS 650 --> RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SISCOM~1.07B\DeIsL1.isu"&P.U 4 sisgr.inf&-1
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SiS Audio Driver --> C:\Progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
Smart Link 56K Modem --> C:\WINDOWS\Modio\SLAMRNTV\slclean.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Tao Te Ching --> C:\Program Files\The Tao Te Ching\Uninstal.exe
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2643 / Error
Event Submitted/Written: 04/12/2008 05:03:31 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2642 / Error
Event Submitted/Written: 04/12/2008 05:03:31 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type2641 / Error
Event Submitted/Written: 04/12/2008 05:03:31 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2640 / Error
Event Submitted/Written: 04/12/2008 05:03:31 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type2639 / Error
Event Submitted/Written: 04/12/2008 05:03:30 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type664950 / Warning
Event Submitted/Written: 04/12/2008 05:04:38 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00A0CCD103F4. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type664949 / Error
Event Submitted/Written: 04/12/2008 04:33:35 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.1.4 on the
Network Card with network address 00A0CCD103F4.

Event Record #/Type664948 / Warning
Event Submitted/Written: 04/12/2008 04:33:35 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00A0CCD103F4. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type664947 / Warning
Event Submitted/Written: 04/12/2008 04:32:52 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00A0CCD103F4. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type664946 / Warning
Event Submitted/Written: 04/12/2008 04:30:49 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00A0CCD103F4. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-04-12 05:09:02 ------------

Again, thank you for your time. I'm happy to benefit from your knowledge. I told you what I've been doing, so you can bet I'm really grateful.

And now I promise I won't do anything with my computer until you tell me to. When master speaks, pupil listens.

Till later. I'll check here again in hour and a half, I don't want to stay online too long.

Istra
Sometimes I think I understand everything... then I regain consciousness.

#8 Istra


Posted 12 April 2008 - 10:28 AM

Hey you scared me.

I'm not doing anything anymore, just posting. Please, read at the bottom of my last post. :blink: I'll wait for you

Oh, man, I'm still laughing :thumbsup:

Won't touch anything.

Istra

#9 katana

katana

    MRU Expert


  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester (UK)
  • Local time:09:12 AM

Posted 12 April 2008 - 10:28 AM

Okay, now we are sitting comfortably I will begin.

I have no wish to offend you but you have probably done far more harm than good :thumbsup:

Have a look at the following while I look at your last logs.

2. went through \windows and \system32, checked if everything is signed by a known SW company, and deleted all I did not know how gets on my computer.

!!**!! There are probably THOUSANDS of legitimate files that are not signed by the company that creates them.
Microsoft files included.
You have more than likely deleted files that are needed to run your programs


3. Now I have warning at startup about svchost has performed something illegal and has to be stopped, and I have to run it again. I didn't and saw that I used to have 9 svchost processes running, and now there's only 8.
See !!**!!

3a. BitDef's firewall lists processes rapimgr.exe and wcesmgr.exe in C:\Program Files\Microsoft ActiveSync\. When I tried to block them, it said that it's invalid directory, deleting them creates first any process and deleting any creates a system process, both in .\system folder. Now I have 7 systems and I don't touch them any more. :wacko:
These are both valid files, why did you block them ?

4. I updated and run Antimalware SWs every day, staying off-line mostly. Programs were damaged several times, and I had to reinstall them.
See !!**!!

5. I run DSS this morning, and it found sites I never opened. Here's the list:
127.0.0.1 .archivioadulti.com
127.0.0.1 .internet-explorer.name
127.0.0.1 .katasearch.com
127.0.0.1 .preferiti-windows.com
127.0.0.1 .qoogler.com
127.0.0.1 .tuttoavolonta.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
That sounds like your host file list, they are supposed to be there.
127.0.0.1 means that the site url next to it can never ever be opened on your machine


8. I suspect that my computer has been used as a server in some network, because my provider is T-Com Croatia Internet network, at IP 195.29.150.5, and my DSL Connection says my IP 192.168.1.4. at gateway 192.168.1.1. I'll check it with my provider.
I take it that you have a router ? 192.168.*.* is a standard router IP that connects your machine to the router.

10. I'm getting a lot of spam. I blocked these addresses in Outlook Express, but they change all the time. I suspect that they are stolen, and maybe some poor souls out there are getting mails from me pushing some enlargement products... I haven't opened my mail from sunday.
Everybody gets spam, let's have a check on your machine before we get excited about them.
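An added example (not part of the thread or of any tool mentioned in it) of the two points katana makes above about hosts entries and 192.168.*.* addresses: it sorts hosts-file lines into sinkholed names, LAN addresses and names pinned to any other address. The sample file, the example.test names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: two sinkhole entries copied from the list quoted in the
# post, plus hypothetical entries (example.test names) for the other classes.
SAMPLE_HOSTS = """\
# constructed hosts file for illustration
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 008i.com   # trailing comment
0.0.0.0 ads.example.test
192.168.1.1 router.example.test
203.0.113.7 update.example.test
not-an-ip broken.example.test
"""

# RFC 1918 ranges: addresses used on home/office LANs, never routed on the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hosts(text):
    """Yield (line_no, address_text, names) for every non-comment entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            yield no, fields[0], fields[1:]

def classify(addr_text):
    """Return 'blocked', 'private', 'external' or 'invalid' for a hosts-file address."""
    try:
        ip = ipaddress.ip_address(addr_text)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"    # name resolves to the local machine, so the site cannot load
    if any(ip in net for net in RFC1918):
        return "private"    # LAN address such as 192.168.1.4 behind a router
    return "external"       # not loopback and not RFC 1918: a redirect worth reviewing

def audit(text):
    """Group (line_no, name, address) by class, skipping the default localhost entry."""
    report = {"blocked": [], "private": [], "external": [], "invalid": []}
    for no, addr, names in parse_hosts(text):
        for name in names:
            if name.lower() != "localhost":
                report[classify(addr)].append((no, name, addr))
    return report

if __name__ == "__main__":
    for kind, rows in audit(SAMPLE_HOSTS).items():
        for no, name, addr in rows:
            print(f"{kind:8} line {no}: {name} -> {addr}")
```

Entries in the `blocked` group are the harmless kind described in the reply; a name in the `external` group is the case to look at, since it sends lookups for that name to a different machine.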

#10 katana


Posted 12 April 2008 - 10:31 AM

Hey you scared me.

Sorry, but actually that was my intention :blink:


I'm not doing anything anymore,

It got exactly the result I need :thumbsup:

#11 Istra


Posted 12 April 2008 - 10:40 AM

OK, I'm here

#12 Istra


Posted 12 April 2008 - 11:00 AM

Hey, do you know what keeps computers running? :thumbsup:

#13 katana


Posted 12 April 2008 - 12:40 PM

Hey, do you know what keeps computers running? :blink:


I am surprised that your machine is working at all :thumbsup:
You should send a thank-you to Microsoft for the File Protection system installed :wacko:

Right, let's see what we can salvage .....

Are the files you deleted from windows and system32 still in the recycle bin ?

When did you last set a restore point ?

How many of your programs don't work ?

Edited by katana, 12 April 2008 - 12:45 PM.


#14 Istra


Posted 12 April 2008 - 01:14 PM

Hey, you're back.

Let's go step by step.

1. It works because I fight those bastards for weeks now. Some of them I have to literally scratch from silicon. Anybody who knows about my problem tells me to fdisk.

2. I have set automatic update to everything possible, and I keep my security settings at paranoid level.

3. I empty recycle bin regularly, as well as other temporary files.

4. Last restore point is set when I reinstall AdAware on 10.03. 3:28 (night). Deckard's created some backup after scanning this morning at 5:01.

5. Everything works, at whopping speed. For instance, reboot took 15 minutes lately.

And you quoted a joke

I've been told that computers, as other electronic devices, work on white smoke. Because when the smoke evaporates, computers stop working. :thumbsup:

So, shall we fdisk. I hate it, after I feel like in a hotel.

Staying here,

Istra

#15 katana


Posted 12 April 2008 - 01:18 PM

4. Last restore point is set when I reinstall AdAware on 10.03. 3:28 (night). Deckard's created some backup after scanning this morning at 5:01.


Did you delete the files from Windows and System32 before or after you reinstalled AdAware ?

If it was before, then in all honesty you will probably be quicker if you format and start from scratch.



