My computer keeps shutting down when I'm using it.

still getting popup tabs when I click on links or open spaces (like this) to type.

Is this something new? You didn't mention it in your first post.Could you give me a screenprint of a pop-up?

How to post screenshots or images

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

screen caps here: https://www.dropbox.com/sh/jpeqvxa66c85iwl/-5v3r4Tvmz

the one on the GeekPolice page is the "call for great tech support" in the upper right hand corner. I also get banners along the bottom of my browser screen and pop ups telling me I need to update java immediately...I can try to post more if you like.

scanning with eset now. will post results when it's done.

What broswer are you using Ie?

Chrome. It happens in firefox too.

jeremypc wrote:

Chrome. It happens in firefox too.

Does it do in with IE? Have you configured those browsers to block pop-ups?

yes. pop ups are blocked. I don't have IE on my machine.

computer shut down on me before I could export the list of threats to a log file....but this log was there when I re-booted:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fb8186d9907ab04692ab96394ea63822
# engine=17498
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-18 10:19:56
# local_time=2014-03-18 06:19:56 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 0 7659758 0 0
# compatibility_mode=5893 16776574 100 94 0 146724646 0 0
# scanned=374218
# found=6
# cleaned=6
# scan_time=9462
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir"
sh=58E82B640AB36A3760718DA774DC643FA6C80CB3 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Users\Jeremy\AppData\Local\Mozilla\Firefox\Profiles\dhnicim3.default\Cache\3\59\A1F22d01"
sh=9DC6F9C3C531D3149D3AE93B2C4F4ED43FEF4DA5 ft=1 fh=7c2cb7f17ce065a3 vn="a variant of MSIL/Adware.Colooader.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeremy\AppData\Local\Temp\81b4e5ac-08c6-4b59-b269-93b42343ddc6.exe"
sh=FA064A28A6DE53A1A3DD8E98AD8FF096FA8E0E96 ft=1 fh=15b4c317be97f4e3 vn="a variant of MSIL/Adware.Colooader.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeremy\Downloads\avira-2-0-1-4 (1).exe"
sh=FA064A28A6DE53A1A3DD8E98AD8FF096FA8E0E96 ft=1 fh=15b4c317be97f4e3 vn="a variant of MSIL/Adware.Colooader.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeremy\Downloads\avira-2-0-1-4.exe"
sh=8D45B9F5D258A2F56926A5D82C071D488E255676 ft=1 fh=05f228728ac67fd1 vn="a variant of Win32/AdWare.iBryte.S application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeremy\Downloads\Player-Chrome.exe"

Could you please update and run MBAM again?

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.19.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Jeremy :: JEREMYLAPTOP [administrator]

3/18/2014 11:09:47 PM
mbam-log-2014-03-18 (23-09-47).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 636693
Time elapsed: 2 hour(s), 34 minute(s), 34 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe (PUP.Optional.ReMarkit.A) -> 1440 -> Delete on reboot.
C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe (PUP.Optional.ReMarkIt.A) -> 2792 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 31
HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GigaClicks Crawler (PUP.Optional.GigaClicks.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoCreateAsync (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoCreateAsync.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreClass (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreClass.1 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreMachineClass (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreMachineClass.1 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CredentialDialogMachine (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CredentialDialogMachine.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachine (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassSvc (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.ProcessLauncher (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.ProcessLauncher.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3COMClassService (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3COMClassService.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachine (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachine.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachineFallback (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebSvc (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebSvc.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\consumerinput_update (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Re-markit (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\575846f2-b4ed-4f88-8eb7-7feb9b153b09 (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0 (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft (PUP.Optional.ReMarkIt.A) -> Delete on reboot.

Files Detected: 41
C:\Users\Jeremy\AppData\Local\3783\a31456.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\GCC\uninstall.exe (PUP.Optional.GigaClicks.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PD2A2PK\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2838OIG\sp-downloader[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJ2RFH08\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\awh9128.tmp (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\dca3f034-3f28-441e-a4e6-6ecab2368c66 (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\f7605fbc-2be7-4bac-a1aa-55dea026f616 (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nse69C5.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nse6D20.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nsjF5C7.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nso6744.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nsoFB64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nsyF847.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\OfertaBundle.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\Ofertaembededstub.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\verifier.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nso5553\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Re-markit Update.job (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Re-markit_wd.job (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe (PUP.Optional.ReMarkit.A) -> Delete on reboot.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\b.html (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\b.js (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\c.js (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\icon128.png (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\icon16.png (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\icon48.png (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\manifest.json (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\157.crx (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\157.dat (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\157.xpi (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\a.db (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\b.db (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Re-markit157.bin (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Re-markit157.ini (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe (PUP.Optional.ReMarkIt.A) -> Delete on reboot.
C:\Program Files (x86)\Re-markit-soft\ReMar.exe (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Sqlite3.dll (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Uninstall.exe (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.

(end)

pop ups seem to be gone, computer is now pretty laggy. I'm getting a lot of "(not responding)" messages in the programs I am running. Things are slow to respond. Also, the computer has unexpectedly shut down on me once today while working on it.

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

ComboFix 14-03-19.01 - Jeremy 03/19/2014 14:33:04.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2613 [GMT -4:00]
Running from: c:\users\Jeremy\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0\23
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0\24
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\background.html
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\crossriderManifest.json
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\manifest.xml
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins.json
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\1_base.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\17_jQuery.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\177_crossriderDashboard.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\182_openUrl.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\183_tabsWrapper.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\21_debug.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\22_resources.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\28_initializer.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\47_resources_background.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\5_notifications.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\64_appApiMessage.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\7_hooks.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\72_appApiValidation.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\userCode\background.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\userCode\extension.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\actions\1.png
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon128.png
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon16.png
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon48.png
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\chrome.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\cookie.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\message.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\pageAction.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\pageActionBG.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\background.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\app_api.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\bg_app_api.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\consts.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\cookie_store.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\crossriderAPI.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\delegate.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\events.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\extensionDataStore.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\installer.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\logFile.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\logging.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\onBGDocumentLoad.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\popupResource\newPopup.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\popupResource\popup.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\reports.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\storageWrapper.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\updateManager.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\util.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\xhr.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\main.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\manifest.json
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\popup.html
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\version.json
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0.localstorage-journal
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0.localstorage
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Jeremy\AppData\Local\Temp\{8862ACC6-38CC-48AA-B4DC-9125EE98F461}\{98404919-33EC-42EA-A9FA-44A06B399B14}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D2C74833-B155-49F7-9F08-5F3806E2D84F}.xps
c:\users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D924AFFF-E742-45F2-914C-723CBF13C6CD}.xps
.
.
((((((((((((((((((((((((( Files Created from 2014-02-19 to 2014-03-19 )))))))))))))))))))))))))))))))
.
.
2014-03-19 18:46 . 2014-03-19 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-19 18:46 . 2014-03-19 18:46 -------- d-----w- c:\users\Sara\AppData\Local\temp
2014-03-19 18:46 . 2014-03-19 18:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-03-18 19:36 . 2014-03-18 19:36 -------- d-----w- c:\program files (x86)\ESET
2014-03-17 19:08 . 2014-03-17 20:16 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-17 02:36 . 2014-03-18 23:26 -------- d-----w- c:\program files (x86)\SpeedFan
2014-03-17 00:52 . 2014-03-17 00:52 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Oracle
2014-03-16 18:42 . 2013-12-19 01:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-16 16:55 . 2014-03-16 16:55 -------- d-----w- c:\windows\ERUNT
2014-03-16 16:50 . 2014-03-16 16:50 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Avira
2014-03-16 16:49 . 2013-12-09 15:37 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-03-16 16:49 . 2013-12-09 15:37 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-03-16 16:49 . 2013-12-09 15:37 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-03-16 16:49 . 2013-12-09 15:37 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-03-16 16:49 . 2014-03-16 16:49 -------- d-----w- c:\programdata\Avira
2014-03-16 16:49 . 2014-03-16 16:49 -------- d-----w- c:\program files (x86)\Avira
2014-03-16 16:40 . 2014-03-19 10:55 -------- d-----w- c:\users\Jeremy\AppData\Local\GCC
2014-03-16 16:40 . 2014-03-19 10:55 -------- d-----w- c:\users\Jeremy\AppData\Local\3783
2014-03-16 14:08 . 2014-03-16 14:11 -------- d-----w- C:\AdwCleaner
2014-03-14 13:09 . 2014-03-14 13:09 5777288 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-14 11:27 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-14 11:27 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-14 11:27 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-14 11:27 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-14 11:26 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D3C56C0-F56C-4370-8421-6F237D740F0F}\mpengine.dll
2014-02-25 18:28 . 2014-02-25 18:28 -------- d-----w- c:\windows\Migration
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 16:39 . 2011-07-08 11:19 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-14 13:09 . 2012-05-02 11:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-14 13:09 . 2011-07-11 12:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-24 23:09 . 2014-02-13 14:11 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-13 14:11 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-14 14:42 548864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-14 14:42 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-22 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-03-17 689744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
c:\users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
3;2 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
S2 Guard Agent;Guard Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 21:39 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 13:10]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 01:36]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 01:36]
.
2014-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048983874-3147870858-1501911587-1002Core.job
- c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 12:49]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048983874-3147870858-1501911587-1002UA.job
- c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 12:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
DPF: {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} - hxxp://twinoakslandscape.lorexddns.net/RSVideoOcx.cab
FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\dhnicim3.default\
FF - ExtSQL: 2014-03-16 12:39; {6e2a11d1-1853-4cd5-8568-23bab0f50bdb}; c:\program files (x86)\Re-markit-soft\157.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run- - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
AddRemove-Consumer Input Installer - c:\program files (x86)\Consumer Input\CIuninstall.exe
AddRemove-{F25146ED-8C9C-4D92-B26D-7B40AE34EA66}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-19 14:50:29
ComboFix-quarantined-files.txt 2014-03-19 18:50
.
Pre-Run: 339,121,324,032 bytes free
Post-Run: 340,946,182,144 bytes free
.
- - End Of File - - E3B3023E5F62DFA2FAE976ACDFF96A74

Ok, could you please give me an update on your computer? Did Speedfan find any abnormal temps?

Things seem to be better. How would I know if the temps were abnormal? I haven't seen any messages from speedfan.

it just shut down again...

How would I know if the temps were abnormal? I haven't seen any messages from speedfan. .

Speedfan should highlight any abnormal temperatures with, I believe, flames. We need to check those temps.

in that case,yes!

(blue arrow pointing down) HD0: 26 C
(flame) Temp1: 74C
(flame) Core 0: 75C
(flame) Core1: 63C

jeremypc wrote:

in that case,yes!

(blue arrow pointing down) HD0: 26 C
(flame) Temp1: 74C
(flame) Core 0: 75C
(flame) Core1: 63C

That's what is shutting down your computer. It's running too hot. Perhaps the fan(s) have stopped working. It will continue to do this until the heating problem is resolved.

fan is definitely working, I can hear it. maybe it's not working as well as it should..

jeremypc wrote:

fan is definitely working, I can hear it. maybe it's not working as well as it should..

That's possible or it could be dusty inside.

I researched it a little. seems toshibas are known for getting dirty/clogged inside. shop-vac-ed it and temps came down to around 50C...still some flame symbols...but much cooler. may need to take it apart to clean more thoroughly. I think all else is fixed now. thanks for you help!!!!