I think my PC is suffering from AIDS. Or leukaemia. Or both. Either there's not enough protection against nasties or there's WAY TOO MUCH. So much it does more damage than any nasty code ever.

For future reference, BitDefender is the AIDS and NVIDIA's firewall is the leukaemia (they like to call it "Network Access Manager").

Let's just say that I have to put my PC out of its misery soon. There's too much damage.

It all started one sunny day when I decided to put some more protection on my PC. (From now on, this is purely my subjective opinion.) If HijackThis is telling the truth (log squeaky clean), and with other people complaining that their FW corrupts files on the HD, I must say that I asked for it.

First, I lost the DVD. I think I've figured out what happened with my DVD. I didn't actually lose the drive. It stopped being recognised as a DVD. It was "CD-ROM" later on (and still is). It burns in Nero anything it is supposed to. When I insert a DVD in it, the OS thinks it's a 4.5 Gb CD. All the autoplay (audio CD, DVD movies) is gone.

My last thread was about a trojan that rendered my recovery service dead. Well, it's not just that. There are half a dozen services that fail to start. Including CdAudio and IMAPI, which are responsible for the lack of autoplay. And the whole concept of autoplaying anything on my opticals.

The last one I noticed buried in my "services" branch is "nenum13e", calling for an imaginary nenum13e.sys in my temp folder. On the net some say it's a "numeric enumerator", some say it's a nasty, and all the others say "unknown". It's gone now, but did it do the damage? Maybe.
Even if it was the doing of nenum13e or some other nasty, that's nothing compared to what the NVIDIA firewall did to me!!


"How?", you may ask yourself... Well... this is my scenario:

It meddles with permissions. Including the ones in the system registry. A good intention indeed, but you know what they say about good intentions and the road to hell. It meddles with permissions, so the system can't change values in keys. The ones regarding the detected IDE devices! And, voilà! No DVD for you!
How did I find out? I couldn't delete the keys with my DVD drive info. Had to add/change my permission to full control EVERY time I ran device detection. So if I can't change it, neither can the system. (Yup, the system's permission was reduced too.) It probably reduced the no. of ports, making my system struggle even more. And every now and then I get these in Event Viewer:

Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 31012
Date: 2.11.2006
Time: 2:30:19
User: N/A
Computer: ZVERKA
Description:
The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: e8 00 00 00 è...

and


Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 2.11.2006
Time: 4:17:12
User: NT AUTHORITY\SYSTEM
Computer: ZVERKA
Description:
Windows saved user ZVERKA\Chaky registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

P.S. There are no services listed in Computer Management/Services and Applications/Services that are logged on under any user account.

So... long story short:
BitDefender let the trojan(s) through (the AIDS metaphor) and NVIDIA Firewall went into overkill (leukaemia). That's my theory.

If any one has any idea what's happening here... Pleeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeease respond.

Here's my Hijack log. I'll post more info (like registry) on request.

By the way, I've downloaded UPHClean from Microsoft. Does anyone have a clue what these (the numbers) mean?

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1401
Date: 2.11.2006
Time: 8:06:45
User: ZVERKA\Chaky
Computer: ZVERKA
Description:
The following handles in user profile hive ZVERKA\Chaky (S-1-5-21-1060284298-308236825-682003330-1003) have been remapped because they were preventing the profile from unloading successfully:

svchost.exe (1028)
HKCU (0x374)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

"svchost.exe (1028)" and "HK(ey)C(urrent)U(ser) (0x347)" don't make much sense to me.

This tool I've downloaded is for killing roaming profiles when shutting down.
I understand that something that has something to do with svchost.exe hangs my PC.

Would appreciate it if someone explained those numbers to me.