Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I need to work out if a crash in Flash Player was caused by an exploit attack


  • This topic is locked This topic is locked
10 replies to this topic

#1 rp88

rp88

  • Members
  • 2,900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:26 PM

Posted 05 January 2015 - 03:35 PM

I was watching a video online using flash player, running in firefox with noscript and adblockplus running as extensions. I had disabled adblockplus on the webapge because the video refused to function if I did not, I had allowed most of the scripts on the page (including one from google) within noscript.


I started playing the video (it was on a large legitimate site http://yesterday.uktv.co.uk/shows/ but I'm concerned about malvertising here so that fact doesn't make much difference) and moments later a window (I'm pretty sure it was a window not a pop-up designed to look like one because it appeared in my taksbar too)appeared saying something about a runtime error in windows C++ (I'm afraid I cannot remember the exact message), and another window also appeared with a mesage saying flash had crashed and whether I wanted to stop it or try and continue. I stopped it, disconnected from the internet and closed the browser. I went back to the same site a little later after reconnecting and this time the video played.

I would like help in working out if this was an exploit performed against me, if it has put a viurs onto my machine.
What can I check to know if that has happened?
I've noticed flash player was acting a little differently to normal after I went back to watch the video (if I paused the video in fullscreen mode then seconds later it came out of fullscreen mode until I resumed playing the video).

This is what I have done so far to try and work out if an exploit was performed:

I have searched through my files and not been able to spot any exe files created or modified today, there were none.

I have scanned with malwarebytes and it found no threats on a normal 10-15 minute threat scan.

I have checked CCleaner for new startup items that may have appeared, there are none.

I have looked in task manager to see if there are any processes running with names I have never seen before, I can't see any new names i haven't seen before but i know malware can use the names of normal processes to make it harder to spot.

I have looked for new files or folders within C:\Users\(my name)\AppData\Local\ C:\Users\(my name)\AppData\LocalLow\ and C:\Users\(my name)\AppData\Roaming\ there are none but I have not checked through every sub folder of all the folders within them.

I am scanning with AVG, and will edit this post to report it's findings when it finishes.
EDIT: It found nothing.

I have looked in event viewer to try and find the error but cannot find it so cannot give a better report here as to exactly what it was.



My operating System is Windows 8, my antivirus is AVG.
If a Minitoolbox or Security check log will help I am running them both as soon as AVG finishes.

Minitoolbox run whilst the computer was offline:

MiniToolBox by Farbar Version: 21-07-2014
Ran by (removed for privacy) (administrator) on 05-01-2015 at 20:44:56
Running from "D:\Users\(removed for privacy)\Downloads\security exe file downloads since reimaging"
Microsoft Windows 8 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Qualcomm Atheros AR946x Wireless Network Adapter = WiFi 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 14" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : (removed for privacy)
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 12-D9-62-1D-2F-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter WiFi 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Qualcomm Atheros AR946x Wireless Network Adapter #2
Physical Address. . . . . . . . . : C0-D9-62-1D-2F-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : customer.(very similar to hosue address removed for privacy).lan
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 70-54-D2-8D-E8-F3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
21...12 d9 62 1d 2f c0 ......Microsoft Wi-Fi Direct Virtual Adapter #2
20...c0 d9 62 1d 2f c0 ......Qualcomm Atheros AR946x Wireless Network Adapter #2
12...70 54 d2 8d e8 f3 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/05/2015 05:37:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (01/05/2015 05:37:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (01/05/2015 05:12:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (01/05/2015 05:11:35 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (01/01/2015 10:41:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (01/01/2015 10:41:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (12/31/2014 11:41:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (12/29/2014 11:26:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (12/29/2014 11:25:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (12/29/2014 11:20:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (12/10/2014 04:18:30 PM) (Source: DCOM) (User: (removed for privacy))
Description: 1053WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/10/2014 04:18:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (12/10/2014 04:18:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (12/10/2014 04:18:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/10/2014 04:18:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following service-specific error:
%%2147749126

Error: (12/01/2014 10:57:05 PM) (Source: Microsoft-Windows-FilterManager) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume14'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (12/01/2014 10:47:42 PM) (Source: Microsoft-Windows-FilterManager) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume10'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (11/30/2014 04:40:52 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/30/2014 04:40:51 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/30/2014 04:40:50 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661


Microsoft Office Sessions:
=========================
Error: (01/05/2015 05:37:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\(removed for privacy)\Downloads\security exe file downloads since reimaging\esetsmartinstaller_enu.exe

Error: (01/05/2015 05:37:50 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\(removed for privacy)\Downloads\security exe file downloads since reimaging\esetsmartinstaller_enu.exe

Error: (01/05/2015 05:12:12 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\Nuance\naturallyspeaking12\Program\dragon_support_packager.exe

Error: (01/05/2015 05:11:35 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/01/2015 10:41:55 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\(removed for privacy)\Downloads\security exe file downloads since reimaging\esetsmartinstaller_enu.exe

Error: (01/01/2015 10:41:53 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\(removed for privacy)\Downloads\security exe file downloads since reimaging\esetsmartinstaller_enu.exe

Error: (12/31/2014 11:41:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\(removed for privacy)\Downloads\security exe file downloads since reimaging\esetsmartinstaller_enu.exe

Error: (12/29/2014 11:26:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\Nuance\naturallyspeaking12\Program\dragon_support_packager.exe

Error: (12/29/2014 11:25:02 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/29/2014 11:20:51 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe



=========================== Installed Programs ============================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.3 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Blender (HKLM\...\Blender) (Version: 2.65a-release - Blender Foundation)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ?Canon Inc.?)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon MG5400 series On-screen Manual (HKLM-x32\...\Canon MG5400 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG5400 series User Registration (HKLM-x32\...\Canon MG5400 series User Registration) (Version: - Canon Inc.?)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Claro ScreenMarker (HKLM-x32\...\{4E5FD3CA-F8C3-4D5A-A44A-6289C179FCFA}) (Version: 1.1.0 - Claro Software)
ClaroCapture (HKLM-x32\...\{54CBA75F-6623-4A18-A0D5-B7BE983F69FD}) (Version: 3.0.19 - Claro Software)
ClaroIdeas (HKLM-x32\...\{267F05DC-9816-4E68-A83A-6DAFA3A2BC50}) (Version: 2.1.0 - Claro Software)
ClaroRead Plus (HKLM-x32\...\{0389C7C3-A73B-4C16-909F-80C350EA8953}) (Version: 6.2.7 - Claro Software)
ClaroView (HKLM-x32\...\{A836EF85-4F9B-4BE0-904A-A56B6A48293F}) (Version: 1.0.12 - Claro Software)
Definition Update for Microsoft Office 2010 (KB2910899) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4A25440C-70D7-45A3-881E-92DD0D6C0BDB}) (Version: - Microsoft)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
eLearning Module Content version 2.0 (HKLM-x32\...\{8218117A-6682-485E-B7BA-305558DCEF0D}_is1) (Version: 2.0 - iansyst Ltd)
eLearning version 2.0 (HKLM-x32\...\{E1B01443-4A1D-4986-BECC-2D043E0CF893}_is1) (Version: 2.0 - iansyst Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
KAZ (Keyboard A-Z) Version 20.5 (HKLM-x32\...\Kaz_10) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-GB)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Olympus Sonority (HKLM-x32\...\{40CAF5AE-4E70-46C8-8AD8-4A036D32525C}) (Version: 1.4.3 - OLYMPUS IMAGING CORP.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
ScreenRuler (HKLM-x32\...\{46243C14-2485-45EE-9B4E-609B71B5D5FF}) (Version: 3.0.5 - Claro Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 64-Bit Edition (HKLM\...\{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7F57246-AFBD-4977-974F-9C7BCDFF648E}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7F57246-AFBD-4977-974F-9C7BCDFF648E}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 64-Bit Edition (HKLM\...\{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7F57246-AFBD-4977-974F-9C7BCDFF648E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{8C0FFF5F-4CC1-48F5-9B3F-8DE7DA2E116F}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{8C0FFF5F-4CC1-48F5-9B3F-8DE7DA2E116F}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589386) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B340E9EB-DDA6-40E7-8501-5B7BAEC6D25F}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597089) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{2CE7AC23-5E40-43BD-8DA3-8D17677D8199}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687275) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{9505441B-65A1-4AD5-B727-0CE42D24D2B7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{69CF587A-D75B-47F8-9D59-3958C37C0A88}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{69CF587A-D75B-47F8-9D59-3958C37C0A88}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2883019) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{956B3213-0246-42A8-A6FE-3EF7DC6E66A9}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2889818) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{8F8930D5-8742-437E-BD53-366A0372E882}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2889818) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{8F8930D5-8742-437E-BD53-366A0372E882}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2889828) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{569742BC-C32F-4C9C-9B21-18409AFF9599}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0BD1F50F-19CE-40F8-B409-18CA5BD6E52D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{512A0E32-6C63-4C73-9C82-FC1B10668ED8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2597088) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B28BBA96-A9B0-4946-839D-36771176F8FD}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2597088) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{B28BBA96-A9B0-4946-839D-36771176F8FD}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2597088) 64-Bit Edition (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7CCA745-11BC-4F86-951D-4DCB9396CDA2}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2880517) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{E524AD3D-6342-41BB-82D9-4EA962839356}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2880517) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{50E292AD-677D-4E6F-842A-D226E7B7C8DE}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vocalizer Daniel from Claro Software (HKLM-x32\...\{36FB67D5-2099-41E0-8E28-7E061828845C}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Fiona from Claro Software (HKLM-x32\...\{AE789798-995E-47D0-A16C-55E97BCDBFC8}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Karen from Claro Software (HKLM-x32\...\{BFF55ECD-AA48-4872-82A5-65BFD3598CB8}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Lee from Claro Software (HKLM-x32\...\{8B0DF0EC-FCC1-4A97-86E4-E0D9720DAA92}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Moira from Claro Software (HKLM-x32\...\{B8C81D28-7194-4F07-94BE-733615F498E9}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Sangeeta from Claro Software (HKLM-x32\...\{B70556CA-E6DB-4ACD-92B5-1A5F85621690}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Serena from Claro Software (HKLM-x32\...\{4345FA12-BFC9-492B-B47C-C7BEF6785398}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Tom from Claro Software (HKLM-x32\...\{985F3407-E764-4D79-B1AB-ECA53FFBEC52}) (Version: 1.2.1.0 - Claro Software)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3979.3 MB
Available physical RAM: 2008.67 MB
Total Pagefile: 11659.3 MB
Available Pagefile: 10143.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:197.9 GB) (Free:136.82 GB) NTFS
2 Drive d: () (Fixed) (Total:218.69 GB) (Free:153.43 GB) NTFS

========================= Users: ========================================

User accounts for \\(removed for privacy)

Administrator Guest (removed for privacy)

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

10-12-2014 15:59:05 Windows Update
22-12-2014 18:53:30 Scheduled Checkpoint
29-12-2014 23:17:50 Scheduled Checkpoint

**** End of log ****
R-Kill run whilst I was offline:
Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/05/2015 08:52:56 PM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/05/2015 08:53:08 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
Security Check run whilst I was disconnected:
Results of screen317's Security Check version 0.99.91
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2015
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 16.0.0.235
Mozilla Firefox (34.0)
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FSS run whilst computer was offline

Farbar Service Scanner Version: 21-07-2014
Ran by (removed for privacy) (administrator) on 05-01-2015 at 21:22:51
Running from "D:\Users\(removed for privacy)\Downloads\security exe file downloads since reimaging"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Hopefully those (and the MBAR scan I am running right now)should be able to help you work out if anything nasty has happened



I don't know whether this was an exploit attack or just a random crash, I want to be able to work out which. As well as help working out whether there has just been an attack I would like a kind of "list of symptoms and checks" I can go through in future to work out whether "drive-bys" have just happened to me or whether I have just had a harmless error.

Thank You

Edited by rp88, 05 January 2015 - 04:30 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)

 


m

#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:26 AM

Posted 05 January 2015 - 04:36 PM

From Mozilla / Firefox Help pages, this check list is a place to start .........Not sure of any other ideas at this time ...



#3 rp88

rp88
  • Topic Starter

  • Members
  • 2,900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:26 PM

Posted 05 January 2015 - 04:46 PM

My flash player was the latest version a few days ago when last checked. I'll check again now.

I have version 16.0.0.235, the latest one.

I certainly got one of those "unrepsonsive plugin" warnings, I remember i chose the option to stop the flash plugin when this happened.

What I can't work out though was whether the plugin became unresponsive because of harmless normal behaviours or because of a drive-by style exploit attack.

I had the plugin set on "Ask to Activate" at the time and had allowed it to run on that page at that time.

The links you've provided are helpful for solving problems like "this video won't play with flash..." but don't really suggest what happened here or how to work out if I've just been victim to a flash exploit.

malwarebytes anti-rootkit has just finished and it found nothing.

Thank You for responding so promptly.

Edited by rp88, 05 January 2015 - 04:48 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 rp88

rp88
  • Topic Starter

  • Members
  • 2,900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:26 PM

Posted 05 January 2015 - 05:10 PM

Are there any other tools I should run to give logs which might help here?
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#5 rp88

rp88
  • Topic Starter

  • Members
  • 2,900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:26 PM

Posted 06 January 2015 - 10:14 AM

I am getting quite concerned about this, I've noticed the computer has been freezing a little more lately than it usually does and that sometimes the flash plugin (two instances of it)are running in task manager even when I have it set to "never activate" within firefox. I've also spotted VSSVC.exe running in task manager and though I know it is usually a normal windows process it is running a lot all of a sudden when in the past I had barely ever seen it running. At the moment I am really needing to check emails but I'm concerned I might be infected, can anyone give me advice on how to work out IF I was exploited yesterday and IF there is any malware running at the moment on my machine. Would logs from a more recent version of MiniToolBox be more helpful?
I've run every scan I can think of but know that often malware can still hide despite these.
Scans so far:

(came up clean)
AVG
malwarebytes
malwarebytes anti-rootkit
ESET online scanner
EDIT: also scanned with kasperksy virus removal tool (latest version)


(made logs which I have already posted)
MiniToolBox
RKill
FSS
SecurityCheck

Edited by rp88, 06 January 2015 - 01:33 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 maggot7

maggot7

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 AM

Posted 06 January 2015 - 01:31 PM

I would add HitmanPro and TDSS Killer. If those are clean in addition to the ones you've already mentioned, I think you're good. But if you're still unsure, you can always use ProcessExplorer or Autoruns to investigate further.

 

Don't forget how powerful those tools are and if they give you a clean bill, trust them. It would be unbelievably unlikely that malware would be able to evade all of those tools.



#7 rp88

rp88
  • Topic Starter

  • Members
  • 2,900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:26 PM

Posted 06 January 2015 - 01:34 PM

I've got an old version of TDSS killer, I'll download the latest one and try that too.

I have also checked out hitmanpro on this site, but It seems to be a free TRIAL not a free PROGRAM/TOOL so I don't know whether scanning with it now would mean I could not use it again in future.

Edited by rp88, 06 January 2015 - 01:40 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#8 rp88

rp88
  • Topic Starter

  • Members
  • 2,900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:26 PM

Posted 06 January 2015 - 01:54 PM

I have just scanned with TDSS killer, it found no threats. I ran it with all boxes under "change parameters" ticked EXCEPT for "Loaded Modules" because this asked me to restart and install some kind of driver in the process and I am not sure if I should do that because I know the amount of problems that can be causing by installing/updating/removing drivers on a system.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:26 AM

Posted 06 January 2015 - 03:43 PM

Often there are sections that we can not probe into in these forum areas, as you well know, if you are highly concerned see below -

 

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. Note: Windows 8.1 Users will not be able run DDS and create a log

When you have done that, Copy and Paste your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs or you're using Windows 8.1, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one, to prevent others answering incorrectly.



#10 rp88

rp88
  • Topic Starter

  • Members
  • 2,900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:26 PM

Posted 07 January 2015 - 10:26 AM

Have started a thread in that forum link is below

http://www.bleepingcomputer.com/forums/t/562413/diagnosing-if-i-have-been-infected-by-flash-exploit/

 

But have mentioned in that thread that this thread should be used to see the details I have already posted, so that I do not need to post these details twice. So you can lock this thread but please leave it so it can be viewed.


Edited by rp88, 07 January 2015 - 10:26 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:26 AM

Posted 07 January 2015 - 10:59 AM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 5 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users