Invalid REG files association


34 replies to this topic

#1 cazabra

  • Members
  • 41 posts

Posted 11 March 2012 - 04:55 AM

I was recently hit by a trojan, backed up my data and simply bought another computer.
I had a tech friend scan my external data with several programs: Malwarebytes, ESET Online Scanner, and Kaspersky Internet Security and AV (which I am running full time on this new machine).
He said it was clean.
I ran a Malwarebytes scan and got this as a reported PUM:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu)

I bought the PC from Best Buy and they said it could be from the tweaks they do and to ignore it.

I ran full scans and everything was clean.
I have now just installed MS Office and Outlook
(Office was an OEM CD, but Outlook was an exe from my old data backup drive, which scanned clean with everything).
I ran ESET Online Scanner and MBAM; they find nothing,
but Kaspersky found this with the vulnerability scan:

Invalid REG files association

I had Kaspersky FIX this problem, but I am very paranoid now that there was something on my data drive which is now on my new system.


http://www.getsysteminfo.com/read.php?file=dd9552c7c881d2c3bc69018a86f2d670


I am very freaked out by this and look forward to your reply.


This version of Kaspersky Internet Security & Anti-Virus doesn't appear to have a real firewall, and I am concerned something may be sending things out from my machine.
I just found this cookie, which some sites say is bad:
apmebf


Thank you for your help.

I had an OTL log here, but I want to make sure that isn't against the rules.

I have installed ZoneAlarm Free to add some firewall protection, but I still see a ton of traffic even with all browsers closed (Task Manager confirms), e.g.:
TCP    192.168.1.2:53129      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53131      a:http                 ESTABLISHED
TCP    192.168.1.2:53134      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53136      a:http                 ESTABLISHED
TCP    192.168.1.2:53138      24-234-21-83:http      ESTABLISHED
TCP    192.168.1.2:53139      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53140      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53141      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53146      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53147      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53148      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53150      ec2-50-17-210-255:http  ESTABLISHED
TCP    192.168.1.2:53152      24-234-21-96:http      ESTABLISHED
TCP    192.168.1.2:53153      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53154      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53157      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53158      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53161      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53162      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53163      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53164      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53165      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53166      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53167      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53169      ec2-50-17-210-255:http  ESTABLISHED
TCP    192.168.1.2:53170      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53171      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53172      38.124.168.116:http    TIME_WAIT
TCP    192.168.1.2:53173      38.113.165.80:https    ESTABLISHED

My concern is that my data backup or Firefox Sync got infected and not detected, and they are back on my machine and look legitimate to the AV and MBAM.

Your assistance is appreciated.

Thanks,
w

Forgot to post:
Windows 7 with MBAM and Kaspersky Anti-Virus 2012.

Edited by cazabra, 11 March 2012 - 11:33 AM.
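The netstat listing in the post above is the kind of output that looks alarming but mostly is not: a TIME_WAIT entry is the tail of a connection that has already been closed and carries no data, while the lines worth a second look are the ESTABLISHED ones to hosts outside the LAN. Added here as an example that is not part of the thread: a small Python triage script that parses netstat-style lines, separates closed-connection residue from live external sessions, and picks up the owning PID when the listing was produced with `netstat -ano` (the real Windows flags; `-n` also stops netstat from printing truncated reverse-DNS names such as `a` or `24-234-21-83`). The sample input reuses a few lines from the post plus two constructed lines (one with a PID column, one UDP line) to show both layouts; the helper and function names are this example's own.

```python
import ipaddress
from collections import Counter
from typing import List, NamedTuple, Optional

# Sample input: a subset of the netstat listing pasted in the post, plus two
# CONSTRUCTED lines (a TCP line with a trailing PID as "netstat -ano" prints it,
# and a UDP line, which has no state column) so the parser is exercised on both.
SAMPLE_NETSTAT = """\
TCP    192.168.1.2:53129      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53131      a:http                 ESTABLISHED
TCP    192.168.1.2:53134      38.113.165.71:https    TIME_WAIT
TCP    192.168.1.2:53138      24-234-21-83:http      ESTABLISHED
TCP    192.168.1.2:53150      ec2-50-17-210-255:http  ESTABLISHED
TCP    192.168.1.2:53173      38.113.165.80:https    ESTABLISHED
TCP    192.168.1.2:49152      192.168.1.1:http       ESTABLISHED
TCP    127.0.0.1:5000         127.0.0.1:49200        ESTABLISHED    1234
UDP    0.0.0.0:500            *:*                                   4
"""


class Conn(NamedTuple):
    proto: str
    local: str
    remote_host: str
    remote_port: str
    state: Optional[str]   # None for UDP, which netstat prints without a state
    pid: Optional[int]     # only present when netstat was run with -o / -ano


def split_endpoint(endpoint: str):
    """'38.113.165.71:https' -> ('38.113.165.71', 'https'); IPv6 is printed as [addr]:port."""
    host, _, port = endpoint.rpartition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    return host, port


def parse_netstat(text: str) -> List[Conn]:
    """Parse TCP/UDP rows of a netstat listing; header and chatter lines are skipped."""
    conns = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote = tok[0], tok[1], tok[2]
        rest = tok[3:]
        state = pid = None
        if proto == "TCP" and rest:
            state = rest.pop(0)
        if rest and rest[0].isdigit():
            pid = int(rest[0])
        host, port = split_endpoint(remote)
        conns.append(Conn(proto, local, host, port, state, pid))
    return conns


def is_local_scope(host: str) -> bool:
    """True for wildcard, loopback, RFC 1918 and link-local addresses.
    Anything that is not a literal IP (a truncated DNS name) is treated as external."""
    if host in ("*", "0.0.0.0", "::"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def triage(conns: List[Conn]) -> dict:
    """Separate closed-connection residue from live sessions to hosts outside the LAN."""
    by_remote = Counter((c.remote_host, c.state) for c in conns if c.proto == "TCP")
    live_external = [
        c for c in conns
        if c.proto == "TCP" and c.state == "ESTABLISHED" and not is_local_scope(c.remote_host)
    ]
    time_wait = sum(1 for c in conns if c.state == "TIME_WAIT")
    return {"by_remote": by_remote, "live_external": live_external, "time_wait": time_wait}


if __name__ == "__main__":
    result = triage(parse_netstat(SAMPLE_NETSTAT))
    print(f"{result['time_wait']} TIME_WAIT rows: already-closed connections, no data flowing")
    print("Live sessions to external hosts (match the PID against Task Manager):")
    for c in result["live_external"]:
        owner = f"pid {c.pid}" if c.pid is not None else "pid unknown (run netstat -ano)"
        print(f"  {c.local} -> {c.remote_host}:{c.remote_port}  {owner}")
```

Run it against a saved `netstat -ano` capture instead of the embedded sample to get the list of live external sessions with their process IDs; the repeated TIME_WAIT rows to one host, as in the post, collapse into a single count and stop looking like "a ton of traffic".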




#2 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,698 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 11 March 2012 - 12:20 PM

Welcome aboard

Are you having any problems with turning Windows firewall ON?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


 


#3 cazabra

  • Topic Starter
  • Members
  • 41 posts

Posted 11 March 2012 - 02:29 PM

THANK YOU very much for taking the time to do this.

At the time of the above posts, Kaspersky Anti-Virus, ZoneAlarm Pro and MBAM Pro were running.

I apologize for jumping the gun, but I got really paranoid, so I removed Kaspersky AV and upgraded/installed ZoneAlarm Extreme (which states it has keylogger defense).
It disabled Windows Firewall, but I am able to turn it on.
At the time of these tests, Windows Firewall, ZoneAlarm Extreme and MBAM Pro are on.

I wish I could read half of this because some of it doesn't look like it should be there.



================================================
SECURITY CHECK
================================================
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Extreme Security
ZoneAlarm Security Toolbar
ZoneAlarm DataLock
ZoneAlarm Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
``````````End of Log````````````

================================================



================================================
FARBAR SS
================================================
Farbar Service Scanner Version: 01-03-2012
Ran by Owner (administrator) on 11-03-2012 at 12:16:03
Running from "C:\Users\Owner\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-11-27 17:50] - [2011-03-01 01:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


========================================================================


================================================
MINI TOOLBOX
================================================
MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 11-03-2012 at 12:18:06
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6230 = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 88-53-2E-92-6D-33
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 88-53-2E-92-6D-33
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6230
Physical Address. . . . . . . . . : 88-53-2E-92-6D-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, March 11, 2012 11:33:43 AM
Lease Expires . . . . . . . . . . : Monday, March 12, 2012 11:33:42 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 88-53-2E-92-6D-36
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : E8-03-9A-2A-1A-8C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.135
74.125.224.136
74.125.224.137
74.125.224.142
74.125.224.128
74.125.224.129
74.125.224.130
74.125.224.131
74.125.224.132
74.125.224.133
74.125.224.134


Pinging google.com [74.125.224.73] with 32 bytes of data:
Reply from 74.125.224.73: bytes=32 time=32ms TTL=57
Reply from 74.125.224.73: bytes=32 time=30ms TTL=57

Ping statistics for 74.125.224.73:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 32ms, Average = 31ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.127.62
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=49ms TTL=56
Reply from 209.191.122.70: bytes=32 time=48ms TTL=56

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 49ms, Average = 48ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
16...88 53 2e 92 6d 33 ......Microsoft Virtual WiFi Miniport Adapter #2
15...88 53 2e 92 6d 33 ......Microsoft Virtual WiFi Miniport Adapter
14...88 53 2e 92 6d 32 ......Intel® Centrino® Advanced-N 6230
12...88 53 2e 92 6d 36 ......Bluetooth Device (Personal Area Network)
11...e8 03 9a 2a 1a 8c ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 281
192.168.1.3 255.255.255.255 On-link 192.168.1.3 281
192.168.1.255 255.255.255.255 On-link 192.168.1.3 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/11/2012 11:33:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2012 11:23:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2012 10:24:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2012 10:17:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2012 09:38:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2012 07:36:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2012 11:40:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows

\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests

\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2012 11:40:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows

\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests

\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2012 10:13:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: AcroRd32.exe, version: 10.1.2.45, time stamp: 0x4f02e382
Faulting module name: AcroRd32.exe, version: 10.1.2.45, time stamp: 0x4f02e382
Exception code: 0xc0000005
Fault offset: 0x0005e985
Faulting process id: 0x1b70
Faulting application start time: 0xAcroRd32.exe0
Faulting application path: AcroRd32.exe1
Faulting module path: AcroRd32.exe2
Report Id: AcroRd32.exe3

Error: (03/10/2012 10:07:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows

\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests

\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/11/2012 11:32:57 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/11/2012 11:22:28 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/11/2012 10:44:22 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to

connect.

Error: (03/11/2012 10:43:32 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to

connect.

Error: (03/11/2012 10:24:03 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/11/2012 10:23:14 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Error: (03/11/2012 10:06:44 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to

connect.

Error: (03/11/2012 10:01:11 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/11/2012 09:37:16 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/11/2012 07:35:40 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:33:25 AM on ?3/?11/?2012 was unexpected.


Microsoft Office Sessions:
=========================
Error: (03/11/2012 11:33:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2012 11:23:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2012 10:24:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2012 10:17:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2012 09:38:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2012 07:36:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2012 11:40:46 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests

\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner

\Downloads\esetsmartinstaller_enu.exe

Error: (03/10/2012 11:40:38 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests

\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner

\Downloads\esetsmartinstaller_enu.exe

Error: (03/10/2012 10:13:05 PM) (Source: Application Error)(User: )
Description: AcroRd32.exe10.1.2.454f02e382AcroRd32.exe10.1.2.454f02e382c00000050005e9851b7001ccff41e9c841f3C:\Program

Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exee1bb13b7-

6b38-11e1-b054-88532e926d36

Error: (03/10/2012 10:07:46 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests

\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\ANKH\DESKTOP\w

\bleepingcomputer\esetsmartinstaller_enu.exe


=========================== Installed Programs ============================

???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Agatha Christie - Death on the Nile (Version: 2.2.0.82)
Amazon Kindle
AMD APP SDK Runtime (Version: 2.4.650.9)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.12.5.0)
ATI Catalyst Install Manager (Version: 3.0.829.0)
„Windows Live Essentials“ (Version: 15.4.3502.0922)
„Windows Live Mail“ (Version: 15.4.3502.0922)
„Windows Live Messenger“ (Version: 15.4.3538.0513)
„Windows Live“ fotogalerija (Version: 15.4.3502.0922)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Best Buy pc app (Version: 3.0.0.0)
Bing Bar (Version: 7.0.610.0)
Build-a-lot (Version: 2.2.0.82)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0902.1044.17395)
Catalyst Control Center InstallProxy (Version: 2011.0902.1044.17395)
Catalyst Control Center Localization All (Version: 2011.0902.1044.17395)
Catalyst Control Center Profiles Mobile (Version: 2011.0902.1044.17395)
ccc-utility64 (Version: 2011.0902.1044.17395)
CCC Help Chinese Standard (Version: 2011.0902.1043.17395)
CCC Help Chinese Traditional (Version: 2011.0902.1043.17395)
CCC Help Czech (Version: 2011.0902.1043.17395)
CCC Help Danish (Version: 2011.0902.1043.17395)
CCC Help Dutch (Version: 2011.0902.1043.17395)
CCC Help English (Version: 2011.0902.1043.17395)
CCC Help Finnish (Version: 2011.0902.1043.17395)
CCC Help French (Version: 2011.0902.1043.17395)
CCC Help German (Version: 2011.0902.1043.17395)
CCC Help Greek (Version: 2011.0902.1043.17395)
CCC Help Hungarian (Version: 2011.0902.1043.17395)
CCC Help Italian (Version: 2011.0902.1043.17395)
CCC Help Japanese (Version: 2011.0902.1043.17395)
CCC Help Korean (Version: 2011.0902.1043.17395)
CCC Help Norwegian (Version: 2011.0902.1043.17395)
CCC Help Polish (Version: 2011.0902.1043.17395)
CCC Help Portuguese (Version: 2011.0902.1043.17395)
CCC Help Russian (Version: 2011.0902.1043.17395)
CCC Help Spanish (Version: 2011.0902.1043.17395)
CCC Help Swedish (Version: 2011.0902.1043.17395)
CCC Help Thai (Version: 2011.0902.1043.17395)
CCC Help Turkish (Version: 2011.0902.1043.17395)
Chuzzle Deluxe (Version: 2.2.0.82)
CyberLink Media Suite (Version: 8.0.2227)
CyberLink Media+ Player10 (Version: 10.0.1110.00)
CyberLink MediaShow (Version: 5.0.1130a)
CyberLink Power2Go (Version: 6.1.3802)
CyberLink PowerDirector (Version: 8.0.3306)
CyberLink YouCam (Version: 3.1.4417)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)
Easy File Share (Version: 1.1.1705)
Easy Migration (Version: 1.0)
Easy Settings (Version: 1.1)
Easy Software Manager (Version: 1.1.26.20)
Easy Support Center 1.0 (Version: 1.1.44)
ESET Online Scanner v3
ETDWare PS/2-X64 10.0.7.2_WHQL (Version: 10.0.7.2)
ExpressCache (Version: 1.0.64)
Farm Frenzy (Version: 2.2.0.82)
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
HP Deskjet 3050A J611 series Basic Device Software (Version: 25.0.571.0)
HP Deskjet 3050A J611 series Help (Version: 140.0.2.2)
HP Update (Version: 5.003.000.004)
Insaniquarium Deluxe (Version: 2.2.0.82)
Intel PROSet Wireless
Intel® Display Audio Driver (Version: 6.14.00.3074)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.2.1.0608)
Intel® PROSet/Wireless WiFi Software (Version: 14.2.1000)
Intel® Rapid Storage Technology (Version: 10.1.5.1001)
Intel® WiDi (Version: 2.2.14.0)
Intel® Wireless Display
Interactive Guide (Version: 1.2)
John Deere Drive Green (Version: 2.2.0.82)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Multimedia POP (Version: 1.0)
Peggle (Version: 2.2.0.82)
Penguins! (Version: 2.2.0.82)
Plants vs. Zombies (Version: 2.2.0.82)
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Polar Golfer (Version: 2.2.0.82)
Pošta Windows Live (Version: 15.4.3502.0922)
PX Profile Update (Version: 1.00.1.)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (Version: 7.45.516.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6428)
RoboForm 7-7-4 (All Users) (Version: 7-7-4)
Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922)
Samsung Kies (Version: 2.0.0.11044_11)
Samsung Recovery Solution 5 (Version: 5.0.1.8)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2300.0)
Skype™ 4.2 (Version: 4.2.169)
Software Launcher (Version: 1.0.2)
Trillian
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 64-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 64-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
User Guide (Version: 1.4)
VC 9.0 Runtime (Version: 1.0.0)
WildTangent Games (Version: 1.0.1.5)
WildTangent ORB Game Console
Windows Live ?? (Version: 15.4.3502.0922)
Windows Live ?? ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3538.0513)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Foto-galerija (Version: 15.4.3502.0922)
Windows Live fotoattelu galerija (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Pošta (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
WinRAR 4.11 (64-bit) (Version: 4.11.0)
ZoneAlarm Antivirus (Version: 10.1.079.000)
ZoneAlarm DataLock (Version: 10.1.079.000)
ZoneAlarm Extreme Security (Version: 10.1.065.000)
ZoneAlarm Firewall (Version: 10.1.079.000)
ZoneAlarm Security (Version: 10.1.079.000)
ZoneAlarm Security Toolbar (Version: 6.7.0.6)
Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 8105.55 MB
Available physical RAM: 5715.21 MB
Total Pagefile: 16209.29 MB
Available Pagefile: 13554.09 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.64 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:365 GB) (Free:305.55 GB) NTFS
2 Drive d: () (Fixed) (Total:545.65 GB) (Free:545.54 GB) NTFS
4 Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:818.38 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner


**** End of log ****


================================================================


================================
MBAM
================================
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Enabled

3/11/2012 12:19:43 PM
mbam-log-2012-03-11 (12-19-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189675
Time elapsed: 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




================================================================


==============================
aswMBR
==================================

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-11 12:21:20
-----------------------------
12:21:20.494 OS Version: Windows x64 6.1.7601 Service Pack 1
12:21:20.494 Number of processors: 8 586 0x2A07
12:21:20.495 ComputerName: OWNER-PC UserName: Owner
12:21:21.284 Initialize success
12:21:23.919 AVAST engine defs: 12031101
12:21:51.466 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:21:51.469 Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 953869MB BusType: 3
12:21:51.472 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:21:51.475 Disk 1 Vendor: SanDisk_ SSD_ Size: 7641MB BusType: 3
12:21:51.496 Disk 0 MBR read successfully
12:21:51.500 Disk 0 MBR scan
12:21:51.506 Disk 0 unknown MBR code
12:21:51.511 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:21:51.528 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 373760 MB offset 206848
12:21:51.535 Disk 0 Partition - 00 0F Extended LBA 558742 MB offset 765667328
12:21:51.566 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 21266 MB offset 1909970944
12:21:51.614 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 558741 MB offset 765669376
12:21:51.677 Disk 0 scanning C:\windows\system32\drivers
12:22:01.722 Service scanning
12:22:11.323 Modules scanning
12:22:11.337 Disk 0 trace - called modules:
12:22:11.381 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:22:11.391 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a6d6790]
12:22:11.402 3 CLASSPNP.SYS[fffff88001b5943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80094d8050]
12:22:12.330 AVAST engine scan C:\windows
12:22:15.924 AVAST engine scan C:\windows\system32
12:24:01.532 AVAST engine scan C:\windows\system32\drivers
12:24:09.419 AVAST engine scan C:\Users\Owner
12:25:22.961 AVAST engine scan C:\ProgramData
12:26:41.718 Scan finished successfully
12:27:10.567 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
12:27:10.571 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


==================================================================================
==================================================================================


Thank you again

w

#4 cazabra

  • Topic Starter
  • Members
  • 41 posts

Posted 11 March 2012 - 02:32 PM

One other quick question..
When I bought the computer, the admin user was Owner-PC.
I changed that to my name .. and that is what it shows me in the user menu, but in all these logs, it is still Owner-PC.
Is that weird?
How do I fix it?

#5 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,698 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 11 March 2012 - 03:12 PM

Since ZA includes a firewall, turn Windows Firewall OFF.

when I bought the computer, the admin user was Owner-PC
I changed that to my name .. and that is what it shows me in the user menu, but in all these logs, it is still Owner-PC
is that weird?

Nothing to worry about.

All your logs look perfectly clean.

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If ESET doesn't find any threats, it will NOT produce any log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donate button.


#6 cazabra

  • Topic Starter
  • Members
  • 41 posts

Posted 11 March 2012 - 04:16 PM

You have no idea how much I appreciate your help ..

Sorry I'm a little wiggy, but the hackers got into my other machine so deep they reprogrammed my router, so I have all kinds of scenarios running through my head.

I apologize if this sounds redundant or silly, but considering I just installed ZA Extreme and it is blocking new stuff
.. and I was initially worried about tracking and keylogging (basically unauthorized outbound traffic),
would the logs indicate if there was anything on the system which would allow that before ZA?

If I may ask about 2 other things I made up in my paranoid state..
1.
On the old machine, I used Firefox Sync, with a master password .. since they gained full access, I'm assuming they could have stolen my sync key and captured my master password .. I didn't think about that until I used Sync to set up Firefox on this machine.
Yesterday I was filling out a web form which had cached data in it that I don't recall putting in fields with the same labels. Some of it was familiar data but some was not (like a couple of number strings showing up as options, as well as my actual name, when I was typing in a name field .. and someone else's address in an address field (the address was one of a business I had dealt with, but I don't recall ever typing it in a form like that)).
I had generated a new key before the sync to the new machine, but I have now completely deleted my sync account and have been changing passwords for days.
Can I trust the residual sync data on my machine, or should I delete the sync folder and reinstall Firefox?

2.
Is it at all possible for them to have modified an archive or exe, and if so, would it have retained the original modified date or have the date they messed with it? This question is because I have the Outlook install as a zip with the exe inside, and I have another software install folder unpacked in a folder with the exe inside, on my backup drive.
My concern is that they modified either of them to install something bad to make it appear legit since it is part of a legit program. The modified date on both sets of files is the date I put them there.. but I didn't think it was possible for me to get completely invaded the first time either, so I figure anything is possible :|

Am I overthinking, or am I giving them ideas ;)


I am running ESET now .. it will take a while as I have a couple of large archives. (It's been on 29% for 10 min now.)

Oh yeah.. any idea why my computer name is still showing as Owner-PC?


Thank you again !!!
I wish it could be more, but I PayPal'd you :)
w

#7 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,698 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 11 March 2012 - 04:20 PM

would the logs indicate if there was anything on the system which would allow that before ZA?

Unfortunately no.

can I trust the residual sync data on my machine or should I delete the sync folder and reinstall Firefox?

It may be a good idea.
I'd also reset your router if you didn't do it yet.

2. All logs look clean so far...

...and thank you :)



#8 cazabra

  • Topic Starter
  • Members
  • 41 posts

Posted 11 March 2012 - 05:07 PM

I'm glad I asked.. I will remove the FF profile and reinstall.
With everything scanning clean, I am hoping this is sufficient, as I have considered running a full recovery using the OEM CDs.

I had run MBAM Pro and ESET Online Scanner several times before coming here .. nothing found .. but I'm still concerned about what kind of data could have been transmitted if my FF Sync was compromised, as I had the system running for a day with just Kaspersky AV and Windows Firewall before I added ZA Free, then replaced everything with ZA Extreme.
I'm going to change my passwords again anyway, but even on secure websites, could it potentially have been set to send data to unauthorized parties?

Most importantly, my external data drive is being scanned here too, so if everything is scanning clean.. is there any chance my Outlook data file (which was on my backup) has any vulnerabilities?

The computer name thing .. why are the logs showing Owner-PC?

And I forgot if you guys can recommend software or not, but only finding ZA to do keylogging blocking, I chose them over full versions of anything else .. (and continue to run MBAM Pro). Do you have a better recommendation?

ESET is at 75%.

Also, I have had intermittent issues browsing bleepingcomputer.com.. I get your "We apologize for the temporary outage. .." page .. is that normal?


Thanks
w

#9 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,698 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 11 March 2012 - 05:13 PM

I have had intermittent issues browsing bleepingcomputer.com.. I get your "We apologize for the temporary outage. .." page .. is that normal?

It happens once in a while to me too. Probably overloaded server. This is a huge site.

why are the logs showing Owner-PC?

As I said, leave it alone. It could be adjusted through a registry edit, but it's really not worth messing with the registry.

You'll be fine with ZA.

Let's see what ESET will show.



#10 cazabra

  • Topic Starter
  • Members
  • 41 posts

Posted 11 March 2012 - 07:25 PM

I forgot to run Temp File Cleaner (TFC)
before running ESET, but it scanned clean, and I have now run TFC and rebooted.
With this status, you personally would have no issues running this computer to do your banking etc.? ;)


My ISP can't issue me a new IP without getting a new router.. would DynDNS keep my ISP-issued IP hidden, or does DynDNS just add available network IPs?

I have another computer on this network, which was running ESET Internet Security during the time I was hacked .. I would like to run scans on that to make sure it is safe for use.. can I continue in this thread, or start new?

Thanks again!

#11 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,698 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 11 March 2012 - 07:49 PM

It looks clean to me.

You don't need a new router to reset it.

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pressing the button in the hole, using a pencil or a paperclip, until all lights briefly go off and on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart the computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE.

We can check your other computer right here.
Do the router thing first, though.



#12 cazabra

  • Topic Starter
  • Members
  • 41 posts

Posted 11 March 2012 - 07:56 PM

Thanks, but I have restarted the modem.. pulled the battery .. reset the router .. and I get the same IP..
The ISP says the IPs are sticky to the modem once they are set .. but sometimes if you set your router to use a different MAC address, it will force a change .. but I can't get that to work.

I will start on the other computer tomorrow.

Talking more to the ISP, I realized the IP I have now is actually one the hackers have.. I thought the ISP reset it with my new computer, but it actually reset when I got a new modem last week thinking it had issues, but it was the virus, which wasn't discovered until a couple of days later :(

Ultimately, I don't know about you, but I am not comfortable keeping this IP and doing my online banking .. even with ZA.


Any info on DynDNS, if that would work instead, would be cool.
You are awesome to hang with me all day.
Thanks
Wendy

#13 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,698 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 11 March 2012 - 08:08 PM

We don't understand each other.
Resetting a router doesn't change your computer's IP.
It just removes any malicious setting which can be hiding in your router settings.

When your computer is clean and the router is reset, all that can be seen from the outside is your router's (not your computer's) IP:
192.168.1.x
This is the very same number for every person in the world who uses your brand of router.
That's one of the router's functions - to hide your computer's IP.



#14 cazabra

  • Topic Starter
  • Members
  • 41 posts

Posted 11 March 2012 - 08:32 PM

Hmm .. I think I am more confused now :)
.. how do whatismyip.com and forums like this get my ISP-issued IP?

#15 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,698 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 11 March 2012 - 10:37 PM

In order for any website to communicate with your browser, it must know your computer's IP.
When you are here, for instance, there is no interaction between "Bleepingcomputer" and "John Smith", because computers can't read names.
In fact this is a communication between BC's IP and your IP.
Even if someone knows your computer's IP, this is not enough to access your computer.
Some malicious tool like a trojan or rootkit must be used to do so.
If, for instance, I enter my IP address into a "whois" search engine, all I get is this:

United States South San Francisco Comcast Cable Communications Ip Services

where South San Francisco is not even the city where I live but some Comcast node.
