
web redirect - fake antivirus pop ups - super slow



#61
Big O (Topic Starter, Member, 104 posts)
Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/01/2011 9:32:54 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/01/2011 8:12:04 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 03/01/2011 8:12:02 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 03/01/2011 8:12:02 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 03/01/2011 7:05:27 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 03/01/2011 7:05:26 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 03/01/2011 7:05:26 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 02/01/2011 2:15:29 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 02/01/2011 2:15:28 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 02/01/2011 2:15:28 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/01/2011 7:03:39 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user SYSTEMAX\Tim Oakley registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 02/01/2011 11:26:50 PM
Type: warning Category: 0
Event: 2002 Source: LoadPerf
The MOF file created for the Outlook service could not be loaded. The error code returned by the MOF Compiler is contained in the Record Data. Before the performance counters of this service can be collected by WMI the MOF file will need to be loaded manually. Contact the vendor of this service for additional information.
  • 0


#62
Big O (Topic Starter, Member, 104 posts)
And it appears DDS has also frozen now. The disk sounds like it's working but the system has locked up.
  • 0

#63
Big O (Topic Starter, Member, 104 posts)
(I moved the window around)

Attached Thumbnails

  • 2011-01-04_09-42-22_593.jpg

  • 0

#64
RKinner (Malware Expert, MVP, 23,367 posts)
1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.

Now try DDS again.

Your clock is not updating for some reason. Can you do a manual network time update again?

If you get it to update, open IE, Security, Windows Updates and see if you can get any updates from them.

Ron
  • 0

#65
Big O (Topic Starter, Member, 104 posts)
I've gotten two Windows updates since we've been working on this computer. The latest one occurred today and just installed.

The time seems right when I check it, I don't always look down but when I do it is spot on with my cell phone. I did the manual sync with internet time and it was successful. Just completed the Avira settings, going to reboot and try DDS again.
  • 0

#66
Big O (Topic Starter, Member, 104 posts)
Froze in the same spot (based on the dot status bar).
  • 0

#67
RKinner (Malware Expert, MVP, 23,367 posts)
Run a disk error check and see if your hard drive has problems. Start, My Computer then right click on Local Drive C and select Properties (verify that it shows you have at least 15% free) then Tools, Error-Checking => Check Now. Check the 2 boxes then Start. It will tell you it can't do it now but will be glad to schedule it for your next boot. Tell it OK. When you reboot it will check your drive which usually takes 30-90 minutes.

Run Vino's Event Viewer as before and post the logs.

Ron
  • 0

#68
Big O (Topic Starter, Member, 104 posts)
Disk error check ran and gave me no notice of any problems. All 5 stages seemed to go through fine. I watched the last check and only got about 2 seconds of the report before it bleeped off, I saw 0 sector bad but nothing else. Is there a log I need to post with this or if it reports nothing then everything is ok?


Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/01/2011 10:19:24 PM
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/01/2011 10:17:16 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 04/01/2011 10:17:16 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 04/01/2011 4:47:46 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 04/01/2011 4:47:46 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 04/01/2011 4:42:10 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 04/01/2011 4:42:10 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 04/01/2011 9:46:00 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 04/01/2011 9:46:00 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 03/01/2011 8:11:38 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 03/01/2011 8:11:38 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 03/01/2011 7:04:59 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 03/01/2011 7:04:59 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/01/2011 8:03:20 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.







Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/01/2011 10:19:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/01/2011 10:17:41 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 04/01/2011 10:17:40 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 04/01/2011 10:17:40 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 04/01/2011 4:48:04 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 04/01/2011 4:48:03 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 04/01/2011 4:48:03 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 04/01/2011 4:42:27 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 04/01/2011 4:42:26 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 04/01/2011 4:42:26 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 04/01/2011 9:46:20 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 04/01/2011 9:46:18 AM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 04/01/2011 9:46:18 AM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 03/01/2011 8:12:04 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 03/01/2011 8:12:02 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 03/01/2011 8:12:02 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 03/01/2011 7:05:27 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 03/01/2011 7:05:26 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 03/01/2011 7:05:26 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 02/01/2011 2:15:29 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 02/01/2011 2:15:28 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/01/2011 7:03:39 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user SYSTEMAX\Tim Oakley registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 02/01/2011 11:26:50 PM
Type: warning Category: 0
Event: 2002 Source: LoadPerf
The MOF file created for the Outlook service could not be loaded. The error code returned by the MOF Compiler is contained in the Record Data. Before the performance counters of this service can be collected by WMI the MOF file will need to be loaded manually. Contact the vendor of this service for additional information.
  • 0

#69
RKinner (Malware Expert, MVP, 23,367 posts)
It doesn't seem to leave a log. You can check for the presence of files or folders with names like c:\found.001 and dates corresponding to when it ran. This is where it puts any files or folders that it recovers. I had you run it since I know Combofix needs a clean disk to work properly. Don't know much about DDS but it's from the same guy so probably needs a clean disk too.

Does mbr.exe complete now?

Try Combofix again.

Appears Google Update Service is broken so I'd just uninstall it.

The reason I was asking about windows updates is because of these errors:

Log: 'Application' Date/Time: 04/01/2011 10:17:41 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

If I paste
http://www.download....authrootseq.txt
into Firefox or IE (from my Vista) I get a blank page with:
1401CB5E642EFB1125

What do you get?

Ron
  • 0
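
An added example, not part of the original thread and not code from Vino's Event Viewer: a Python parser for the report layout posted above that groups entries by source and event ID and picks out the ones whose text refers to the system clock. The sample report is constructed from entries in the posts, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: four entries in the layout of the reports posted in this thread.
SAMPLE_REPORT = """\
Note: All dates below are in the format dd/mm/yyyy

Log: 'Application' Date/Time: 04/01/2011 10:17:41 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 04/01/2011 10:17:40 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 03/01/2011 8:12:02 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'System' Date/Time: 01/01/2011 8:03:20 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
"""

# One entry = three header lines plus a message that runs to the next blank line.
ENTRY_RE = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s*\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)\s*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>.*?)(?=\n\s*\n|\nLog: '|\Z)",
    re.DOTALL,
)

def parse_report(text):
    # The report states dates are dd/mm/yyyy, so 04/01/2011 is 4 January, not 1 April.
    entries = []
    for m in ENTRY_RE.finditer(text):
        entry = m.groupdict()
        entry["when"] = datetime.strptime(entry["when"], "%d/%m/%Y %I:%M:%S %p")
        entry["event"] = int(entry["event"])
        entry["source"] = entry["source"].strip()
        entry["message"] = " ".join(entry["message"].split())
        entries.append(entry)
    return entries

def summarize(entries):
    # Count repeats per (source, event ID) and record the first and last time each was logged.
    groups = defaultdict(list)
    for e in entries:
        groups[(e["source"], e["event"])].append(e["when"])
    return {k: {"count": len(v), "first": min(v), "last": max(v)} for k, v in groups.items()}

def clock_related(entries):
    # W32Time sync warnings and crypt32 validity-period failures both refer to the system clock.
    return [e for e in entries
            if (e["source"] == "W32Time" and "unsynchronized" in e["message"])
            or (e["source"] == "crypt32" and "validity period" in e["message"])]

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for key, stats in sorted(summarize(parsed).items()):
        print(key, stats["count"], stats["last"].isoformat())
    print([(e["source"], e["event"]) for e in clock_related(parsed)])
```
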

#70
Big O (Topic Starter, Member, 104 posts)
Still locks up with mbr.

I got 1401CB5E642EFB1125 (same as you) when I pasted the link in my IE browser.

Trying combofix now.
  • 0


#71
Big O (Topic Starter, Member, 104 posts)
Combofix (new version) locked up too.
  • 0

#72
RKinner (Malware Expert, MVP, 23,367 posts)
Did you ever get ESET to run?

Start, Run, cmd, OK and type:

sfc /scannow


If you have an XP CD put it in while sfc is running. If you don't or it doesn't like the one you have, just keep skipping or continue until it finishes.

Ron
  • 0

#73
Big O (Topic Starter, Member, 104 posts)
I did get ESET to work just fine. Had three issues which it cleaned by quarantine and delete. Running sfc right now.
  • 0

#74
Big O (Topic Starter, Member, 104 posts)
SFC ran all the way through, nothing happened when it finished just went back to cmd window.
  • 0

#75
RKinner (Malware Expert, MVP, 23,367 posts)
Did you have a CD or did it not need one?



1. Download UPHClean. To download and install UPHClean, visit the following Microsoft Web site:
http://www.microsoft...70-42470E2F3582
You will be prompted to validate your copy of Windows.
2. As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
3. In the User Profile Hive Cleanup Service installation wizard, click Next.
4. In the License Agreement page, read the license agreement, select I Agree, and then click Next.
5. In the Select Installation Folder page, click Next.
6. In the Confirm Installation page, click Next.
7. When UPHClean is installed, click Close.

Note: UPHClean runs as a service in Windows and will start automatically every time that Windows starts.
8. To confirm that UPHClean is installed and running, click Start, and then click Run.
9. In the Open box, type the following text, and then click OK:

services.msc

10. In Services, in the Name column, locate User Profile Hive Cleanup. In the Status column, confirm that the User Profile Hive Cleanup service is Started.


Download and save Dial-a-fix.zip from:
http://djlizard.net....-v0.60.0.24.zip

Right click on it and Extract All which will create a folder of the same name. In the folder find dial-a-fix.exe. Run it. At the bottom click on the double check mark then GO.

If it doesn't automatically reboot, do so then try mbr or combofix or DDS.

Ron
  • 0





