Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ads start when i start my computer and its running slow


  • Please log in to reply
5 replies to this topic

#1 runaway06

runaway06

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 18 July 2015 - 01:13 AM

I am using windows 8.1. My computer is running extremely slowly and now either random noises or a dog food ad runs every time I turn on my computer. I have tried using TDSSKiller, Malwarebytes, HitmanPro, AVG, and Adwcleaner. Nothing has helped the problems. I tried uninstalling and resetting chrome, firefox, and IE and none of those worked either. When I tried to download roguekiller, it says insufficient permissions on chrome. Thank you for any help



BC AdBot (Login to Remove)

 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:05:50 PM

Posted 18 July 2015 - 01:49 AM

Hello,

 

What random noise? Can you take a screenshot of that Ad and upload image to: sendspace.com ?

 

------------

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

§  Flush DNS

§  Report IE Proxy Settings

§  Reset IE Proxy Settings

§  Report FF Proxy Settings

§  Reset FF Proxy Settings

§  List content of Hosts

§  List IP configuration

§  List Winsock Entries

§  List last 10 Event Viewer log

§  List Installed Programs

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

-------------

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.

There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe
http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 

§  Double-click on the Rkill desktop icon to run the tool.

§  If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.

§  black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

§  If not, delete the file, then download and use the one provided in Link 2.

§  Do not reboot until instructed.

§  If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

-----------

Kaspersky Virus Removal Tool

Please download Kaspersky Virus Removal Tool from here.

§  Right click on KVRT.exe and select Run as Administrator.

§  Read the EULA, then select Accept.

§  Wait for Kaspersky Virus Removal Tool to initialize.

§  In the main screen, select Change parameters, place a checkmark in System drive, then click OK.

§  Click Start scan.

§  Wait for Kaspersky Virus Removal Tool to complete scanning.

§  When the scan is finished, select Neutralize all for all detected objects.

§  Close Kaspersky Virus Removal Tool when done.

Informe me if something is detected.

--------

Run again MBAM:

§  Click on the History tab > Application Logs.

§  Double click on the Scan Log which shows the Date and time of the scan just performed.

§  Click 'Export'.

§  Click 'Copy to Clipboard'

§  Paste the contents of the clipboard into your reply.

--------

Post here the latest AdwCleaner log.

-------

Please download Junkware Removal Tool to your desktop.

§  Shut down your protection software now to avoid potential conflicts.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.

------


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 runaway06

runaway06
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 18 July 2015 - 03:26 AM

The ads are all audio ads that play in the background. the noise that plays when the ad doesnt play on startup is a high-pitch beep. 

Here are the logs

 

MiniToolBox by Farbar  Version: 01-07-2015
Ran by rwaton (administrator) on 18-07-2015 at 02:53:51
Running from "C:\Users\rwaton\Desktop"
Microsoft Windows 8.1  (X64)
Model: Q550LF Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-N 7260 = Wi-Fi (Connected)
PPPoP WAN Adapter = Local Area Connection 2 (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Fortinet virtual adapter = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : RAW
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.state.comcast.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : AC-22-0B-B7-6F-6D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 0C-8B-FD-33-F5-49
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Fortinet virtual adapter
   Physical Address. . . . . . . . . : 00-09-0F-FE-00-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : hsd1.fl.comcast.net
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-N 7260
   Physical Address. . . . . . . . . : 0C-8B-FD-33-F5-45
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:589:1:7b3e::9636(Preferred) 
   Lease Obtained. . . . . . . . . . : Saturday, July 18, 2015 1:49:27 AM
   Lease Expires . . . . . . . . . . : Friday, July 24, 2015 8:28:30 PM
   IPv6 Address. . . . . . . . . . . : 2601:589:1:7b3e:e063:4f9a:3574:5754(Preferred) 
   Temporary IPv6 Address. . . . . . : 2601:589:1:7b3e:7124:190f:707c:4be5(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::e063:4f9a:3574:5754%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.119(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, July 18, 2015 1:49:25 AM
   Lease Expires . . . . . . . . . . : Saturday, July 25, 2015 2:52:07 AM
   Default Gateway . . . . . . . . . : fe80::bcd1:65ff:fe92:57d7%3
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 51153917
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B4-A6-F7-AC-22-0B-B7-6F-6D
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 0C-8B-FD-33-F5-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:4a4:264:bd1a:2855(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::4a4:264:bd1a:2855%8(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 369098752
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B4-A6-F7-AC-22-0B-B7-6F-6D
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    google.com
Addresses:  2607:f8b0:4008:808::200e
 216.58.192.78
 
 
Pinging google.com [2607:f8b0:4008:808::200e] with 32 bytes of data:
Reply from 2607:f8b0:4008:808::200e: time=19ms 
Reply from 2607:f8b0:4008:808::200e: time=17ms 
 
Ping statistics for 2607:f8b0:4008:808::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 19ms, Average = 18ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Request timed out.
Reply from 2001:4998:44:204::a7: time=72ms 
 
Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 72ms, Maximum = 72ms, Average = 72ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  4...ac 22 0b b7 6f 6d ......Realtek PCIe GBE Family Controller
  7...0c 8b fd 33 f5 49 ......Bluetooth Device (Personal Area Network)
  9...00 09 0f fe 00 01 ......Fortinet virtual adapter
  1...........................Software Loopback Interface 1
  3...0c 8b fd 33 f5 45 ......Intel® Dual Band Wireless-N 7260
  5...0c 8b fd 33 f5 46 ......Microsoft Wi-Fi Direct Virtual Adapter
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1       10.0.0.119     20
         10.0.0.0    255.255.255.0         On-link        10.0.0.119    276
       10.0.0.119  255.255.255.255         On-link        10.0.0.119    276
       10.0.0.255  255.255.255.255         On-link        10.0.0.119    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.0.0.119    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.0.0.119    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    276 ::/0                     fe80::bcd1:65ff:fe92:57d7
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:9d38:6ab8:4a4:264:bd1a:2855/128
                                    On-link
  3    276 2601:589:1:7b3e::/64     On-link
  3    276 2601:589:1:7b3e::9636/128
                                    On-link
  3    276 2601:589:1:7b3e:7124:190f:707c:4be5/128
                                    On-link
  3    276 2601:589:1:7b3e:e063:4f9a:3574:5754/128
                                    On-link
  3    276 fe80::/64                On-link
  8    306 fe80::/64                On-link
  8    306 fe80::4a4:264:bd1a:2855/128
                                    On-link
  3    276 fe80::e063:4f9a:3574:5754/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/18/2015 01:56:02 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'
 
Error: (07/18/2015 01:56:02 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'
 
Error: (07/18/2015 01:50:25 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'
 
Error: (07/18/2015 00:51:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 43.0.2357.134, time stamp: 0x55a4072f
Faulting module name: chrome.dll, version: 43.0.2357.134, time stamp: 0x55a4037a
Exception code: 0x80000003
Fault offset: 0x004f512a
Faulting process id: 0x1e28
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   13 4.5.7.5.4.7.5.3.A.9.F.4.3.6.0.E.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR RAW-2.local.
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.119:5353   11 4.5.7.5.4.7.5.3.A.9.F.4.3.6.0.E.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR RAW.local.
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   13 C.4.6.C.2.4.9.5.B.E.0.C.F.9.9.3.E.3.B.7.1.0.0.0.9.8.5.0.1.0.6.2.ip6.arpa. PTR RAW-2.local.
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.119:5353   11 C.4.6.C.2.4.9.5.B.E.0.C.F.9.9.3.E.3.B.7.1.0.0.0.9.8.5.0.1.0.6.2.ip6.arpa. PTR RAW.local.
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   13 4.5.7.5.4.7.5.3.A.9.F.4.3.6.0.E.E.3.B.7.1.0.0.0.9.8.5.0.1.0.6.2.ip6.arpa. PTR RAW-2.local.
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.119:5353   11 4.5.7.5.4.7.5.3.A.9.F.4.3.6.0.E.E.3.B.7.1.0.0.0.9.8.5.0.1.0.6.2.ip6.arpa. PTR RAW.local.
 
 
System errors:
=============
Error: (07/18/2015 01:51:51 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (07/18/2015 01:51:51 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (07/18/2015 01:51:50 AM) (Source: Service Control Manager) (User: )
Description: The GamesAppIntegrationService service failed to start due to the following error: 
%%2
 
Error: (07/18/2015 01:48:23 AM) (Source: DCOM) (User: RAW)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (07/18/2015 01:32:09 AM) (Source: Service Control Manager) (User: )
Description: The GamesAppIntegrationService service failed to start due to the following error: 
%%2
 
Error: (07/18/2015 01:30:16 AM) (Source: DCOM) (User: RAW)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RAWrwatonS-1-5-21-973938917-2959906703-1553438135-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/18/2015 01:30:16 AM) (Source: DCOM) (User: RAW)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RAWrwatonS-1-5-21-973938917-2959906703-1553438135-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/18/2015 01:28:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (07/18/2015 01:28:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (07/18/2015 01:28:26 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
 
Microsoft Office Sessions:
=========================
Error: (07/18/2015 01:56:02 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)
 
Error: (07/18/2015 01:56:02 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)
 
Error: (07/18/2015 01:50:25 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)
 
Error: (07/18/2015 00:51:45 AM) (Source: Application Error)(User: )
Description: chrome.exe43.0.2357.13455a4072fchrome.dll43.0.2357.13455a4037a80000003004f512a1e2801d0c11352754724C:\Users\rwaton\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\rwaton\AppData\Local\Google\Chrome\Application\43.0.2357.134\chrome.dllb0901b63-2d08-11e5-828e-0c8bfd33f549
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   13 4.5.7.5.4.7.5.3.A.9.F.4.3.6.0.E.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR RAW-2.local.
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.119:5353   11 4.5.7.5.4.7.5.3.A.9.F.4.3.6.0.E.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR RAW.local.
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   13 C.4.6.C.2.4.9.5.B.E.0.C.F.9.9.3.E.3.B.7.1.0.0.0.9.8.5.0.1.0.6.2.ip6.arpa. PTR RAW-2.local.
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.119:5353   11 C.4.6.C.2.4.9.5.B.E.0.C.F.9.9.3.E.3.B.7.1.0.0.0.9.8.5.0.1.0.6.2.ip6.arpa. PTR RAW.local.
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   13 4.5.7.5.4.7.5.3.A.9.F.4.3.6.0.E.E.3.B.7.1.0.0.0.9.8.5.0.1.0.6.2.ip6.arpa. PTR RAW-2.local.
 
Error: (07/18/2015 00:14:45 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.119:5353   11 4.5.7.5.4.7.5.3.A.9.F.4.3.6.0.E.E.3.B.7.1.0.0.0.9.8.5.0.1.0.6.2.ip6.arpa. PTR RAW.local.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-13 15:03:34.832
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-11 03:18:52.728
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-23 14:47:42.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-15 12:16:55.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-08 10:47:16.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-07 07:54:49.918
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-03 23:20:12.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\del_DM_LL_nsp5C68.dll that did not meet the Windows signing level requirements.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Console (HKLM\...\{6D989E08-8143-4AB8-B0A8-5B836235CAA4}) (Version: 1.0.3 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
AVG 2015 (HKLM\...\{3B3927B0-0A21-4B4C-9FF3-AB4C42E2AF79}) (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\{6E4BAAF0-7F23-41E5-B16B-4727B6FC0C6F}) (Version: 15.0.6081 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6081 - AVG Technologies)
Azteca (HKLM-x32\...\WTA-d7a7e770-7c09-4c78-ac6b-1b409e27d9c9) (Version: 2.2.0.97 - WildTangent) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (HKLM-x32\...\WTA-47e7ea62-db8b-4ff7-9988-85f519f3567f) (Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{75EA944A-4C53-4A0A-8B3B-E195EDAA626C}) (Version: 2.12.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
FortiClient (HKLM\...\{A98353B4-1E25-44EC-BCC0-6F84D2F5F243}) (Version: 5.2.3.0633 - Fortinet Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Peggle (HKLM-x32\...\WTA-165a8559-4de5-470a-9f5c-03d58d2caf30) (Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-ded8efa6-7a67-4302-a0db-c292b860e709) (Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C814F7D9-CE9D-45AA-BA7C-88BDD0E1EB7C}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{77A8B979-11B0-4774-8003-574EE8A4BC22}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{05916788-991E-417B-A8F3-77F90A2B8271}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D4D48631-AC28-4250-B882-C956555B0B1D}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F3FAAB68-7697-4B1F-A23A-72312565AEAB}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{944EFCFD-823D-4C0A-9B01-CD76EEAEA1F3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 16.13.42 - NVIDIA Corporation) Hidden
Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
Tales of Lagoona (HKLM-x32\...\WTA-f321558c-b5a8-4b08-abf8-325c3797f659) (Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.20 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse  (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
**** End of log ****
 
Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/18/2015 02:59:22 AM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 07/18/2015 02:59:31 AM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/18/2015
Scan Time: 3:21 AM
Logfile: resultmbam.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.18.01
Rootkit Database: v2015.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: rwaton
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363612
Time Elapsed: 26 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Bundler, C:\Users\rwaton\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe, , [1f1a687b256553e3ee1b85a0a26327d9], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\rwaton\AppData\Roaming\sp_data.sys
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\rwaton\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\rwaton\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\rwaton\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\rwaton\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/18/2015 at  4:15:42.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v4.208 - Logfile created 18/07/2015 at 04:19:25
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : rwaton - RAW
# Running from : C:\Users\rwaton\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v43.0.2357.134
 
 
*************************
 
AdwCleaner[R0].txt - [24034 bytes] - [25/04/2015 01:29:45]
AdwCleaner[R1].txt - [1470 bytes] - [18/07/2015 00:24:42]
AdwCleaner[R2].txt - [996 bytes] - [18/07/2015 01:37:24]
AdwCleaner[R3].txt - [1040 bytes] - [18/07/2015 03:59:18]
AdwCleaner[R4].txt - [845 bytes] - [18/07/2015 04:19:25]
AdwCleaner[S0].txt - [5135 bytes] - [25/04/2015 01:29:58]
AdwCleaner[S1].txt - [1497 bytes] - [18/07/2015 00:30:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1021 bytes] ##########
 
 
 
 


#4 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:05:50 PM

Posted 18 July 2015 - 03:47 AM

Did Kaspersky find something?

-------

Download Security Check from here or here and save it to your Desktop.

§  Double-click SecurityCheck.exe

§  Follow the onscreen instructions inside of the black box.

§  Notepad document should open automatically called checkup.txt; please post the contents of that document.

--------------

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
  • --------------------------

Autoruns by Sysinternals

Please follow the instructions below to give me an Autoruns log containing your start-up entries:

§  Download Autoruns from here.

§  Extract the content of the Autoruns.zip folder on the Desktop.

§  Open the Autoruns folder, right click on Autoruns.exe and click Run as Administrator.

§  Accept the EULA on opening, then wait for all the entries to load.

§  Click on File, then Save and save the file to your Desktopas as *.txt file format not default *.arn file format.

§  Go on ge.tt and upload the Autoruns file you saved.

§  Please copy and post the download URL of your uploaded file in your next reply.

-----


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#5 runaway06

runaway06
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 18 July 2015 - 11:15 AM

Nothing from Kaspersky

 

 Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender                  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.209  
 Google Chrome (43.0.2357.134) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

Emsisoft Emergency Kit - Version 10.0
Last update: 7/18/2015 11:57:31 AM
User account: RAW\rwaton
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 7/18/2015 11:58:57 AM
Value: HKEY_USERS\S-1-5-21-973938917-2959906703-1553438135-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-973938917-2959906703-1553438135-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\PLSVCV2 detected: Application.AdSend (A)
 
Scanned 78651
Found 3
 
Scan end: 7/18/2015 12:04:48 PM
Scan time: 0:05:51
 
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\PLSVCV2 Quarantined Application.AdSend (A)
Value: HKEY_USERS\S-1-5-21-973938917-2959906703-1553438135-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-973938917-2959906703-1553438135-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
 
Quarantined 3
 
 
 
 


#6 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:05:50 PM

Posted 18 July 2015 - 11:57 AM

Please, step by step explain your problems.

 

You turn on your computer. After boot and Desktop appears, you can hear some noise, some ad noise?

Can you see some message?

How long is that noise? 

Do you have problems while browsing over the Internet?

 

----------

Empty your temp folders using TFC (Temporary File Cleaner)

§  Please download TFC by Old Timer and save it to your desktop.
alternate download link

§  Save any unsaved work. (TFC will close ALL open programs including your browser!)

§  Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)

§  Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

§  Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users