My computer keeps shutting down when I'm using it.

View previous topic View next topic Go down

My computer keeps shutting down when I'm using it.

Post by jeremypc on 14th March 2014, 5:46 pm

My laptop keeps shutting down when I'm in the middle of working on things. At first, it just happened when I was using a design program (heavy on graphics) that I know is a resource hog (especially for my computer). So I wasn't surprised when this happened. Now it happens when I'm using Word or Excel. Not sure if there are things running in the background that I can turn off or if my machine is just getting old and tired. It doesn't seem to be running slowly or giving me any indication that it is going to shutdown. It just powers down on it's own with no warning.

here's my my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:39:56 PM, on 3/14/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\MICROS~3\Office14\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (file missing)
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AE25D6F19EE37EF13F9C352B14058515D351B815._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Jeremy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Se&nd to OneNote - [You must be registered and logged in to see this link.]
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} (RSVideo Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: taisregispinger - Unknown owner - C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\Jeremy\AppData\Local\Torch\Update\TorchCrashHandler.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17917 bytes

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 14th March 2014, 11:41 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.  

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Let's run some scans to make sure it's not malware.


Please download [You must be registered and logged in to see this link.]by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete or Clean.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download [You must be registered and logged in to see this link.] to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.]link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 16th March 2014, 2:22 pm

# AdwCleaner v3.022 - Report created 16/03/2014 at 10:11:20
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jeremy - JEREMYLAPTOP
# Running from : C:\Users\Jeremy\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063441.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063441.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063441.Shopping
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063441.Shopping.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKCU\Software\AppGraffiti
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\AppGraffiti
Key Deleted : HKLM\Software\CToolbar
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6EFDBA50-4ABE-4194-86F7-F3BD0A011F5B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\dhnicim3.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10047 octets] - [16/03/2014 10:08:39]
AdwCleaner[R1].txt - [8310 octets] - [16/03/2014 10:10:23]
AdwCleaner[S0].txt - [1850 octets] - [16/03/2014 10:09:49]
AdwCleaner[S1].txt - [8289 octets] - [16/03/2014 10:11:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8349 octets] ##########

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 16th March 2014, 4:25 pm

That looks good. I will wait for the other logs.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 16th March 2014, 4:27 pm

Malwarebytes Anti-Malware 1.75.0.1300
[You must be registered and logged in to see this link.]

Database version: v2014.03.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Jeremy :: JEREMYLAPTOP [administrator]

3/16/2014 10:23:47 AM
mbam-log-2014-03-16 (10-23-47).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 640109
Time elapsed: 1 hour(s), 51 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\Jeremy\AppData\Local\Updater14917 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Shop to Win 13 (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 13 (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.

Files Detected: 21
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Inbox Toolbar\Inbox.dll.vir (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Inbox Toolbar\Inbox.exe.vir (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Inbox Toolbar\Plugins\Update.exe.vir (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Jeremy\Downloads\CodecPerformerSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\Downloads\EasyMP3Downloader-4.5.0.8.Setup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\Downloads\iLividSetup-r362-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Shop to Win 13\patch.bat (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Shop to Win 13\settings.xml (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Shop to Win 13\ShopToWin.ico (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Shop to Win 13\Uninst.exe (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Shop to Win 13\version.txt (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 13\Check out Previous Winners.lnk (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 13\Frequently Asked Questions.lnk (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 13\How can I win $100,000.lnk (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 13\How can I win $500 Today.lnk (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 13\Shop To Win Privacy Policy.lnk (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 13\Shop to Win Terms and Conditions.lnk (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 13\Sweepstakes Official Rules.lnk (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 13\Uninstall.lnk (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 13\View My Shop to Win Account.lnk (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 13\Visit the Shop to Win Mall.lnk (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.

(end)

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 16th March 2014, 5:33 pm

Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 17
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 12.0.0.77
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox 22.0 Firefox out of Date!
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 17th March 2014, 12:47 am

The Security log shows your AV is disabled. Don't forget to enable it.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
******************************************
Update your Adobe Reader. [You must be registered and logged in to see this link.].

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

Please download and install Speedfan from [You must be registered and logged in to see this link.] and check to see what the temperatures are on your laptop.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 17th March 2014, 2:40 am

Java was current. adobe reader is updated. but now everytime I click on a link (using chrome) a new tab opens redirected to a junk site.

example:
winupdatevideos.com

there's also one that pops up telling me to update java...more malware?

I downloaded speedfan. what do I do with it? is there a scan/report? or do I just let it run in the background? if so, do I have to set it up or does it just run on it's own?

thanks!

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 17th March 2014, 5:38 pm

what do I do with it? is there a scan/report? or do I just let it run in the background? if so, do I have to set it up or does it just run on it's own?
Install it a run it. It will tell you what your temps are and flag any hot ones.

Malwarebytes' Anti-Rootkit

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and [You must be registered and logged in to see this link.] all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.


Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 18th March 2014, 12:56 pm

still getting popup tabs when I click on links or open spaces (like this) to type. here are the logs from MBAR:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
[You must be registered and logged in to see this link.]

Database version: v2014.03.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Jeremy :: JEREMYLAPTOP [administrator]

3/17/2014 3:09:37 PM
mbar-log-2014-03-17 (15-09-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 310793
Time elapsed: 52 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Jeremy\AppData\Local\Temp\51daf19b-ba38-412a-b42f-41416b4c2382 (Adware.Linkular) -> Delete on reboot.
C:\Users\Jeremy\AppData\Local\Temp\OfertaColoors_BasicServe.exe (Adware.Linkular) -> Delete on reboot.
C:\Users\Jeremy\AppData\Local\Temp\OfertaColoors_ConsumerInput.exe (Adware.Linkular) -> Delete on reboot.
C:\Users\Jeremy\AppData\Local\Temp\248786c4-9d37-495b-9a5a-2d5bc35a4843 (Adware.Linkular) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
[You must be registered and logged in to see this link.]

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Jeremy :: JEREMYLAPTOP [administrator]

3/17/2014 4:19:30 PM
mbar-log-2014-03-17 (16-19-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 285666
Time elapsed: 49 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 18th March 2014, 7:09 pm

still getting popup tabs when I click on links or open spaces (like this) to type.
Is this something new? You didn't mention it in your first post.Could you give me a screenprint of a pop-up?

[You must be registered and logged in to see this link.]

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 18th March 2014, 7:53 pm

screen caps here: [You must be registered and logged in to see this link.]

the one on the GeekPolice page is the "call for great tech support" in the upper right hand corner. I also get banners along the bottom of my browser screen and pop ups telling me I need to update java immediately...I can try to post more if you like.

scanning with eset now. will post results when it's done.

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 18th March 2014, 10:11 pm

What broswer are you using Ie?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 18th March 2014, 10:17 pm

Chrome. It happens in firefox too.

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 18th March 2014, 10:23 pm

[You must be registered and logged in to see this link.] wrote:Chrome. It happens in firefox too.
Does it do in with IE? Have you configured those browsers to block pop-ups?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 18th March 2014, 11:18 pm

yes. pop ups are blocked. I don't have IE on my machine.

computer shut down on me before I could export the list of threats to a log file....but this log was there when I re-booted:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fb8186d9907ab04692ab96394ea63822
# engine=17498
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-18 10:19:56
# local_time=2014-03-18 06:19:56 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 0 7659758 0 0
# compatibility_mode=5893 16776574 100 94 0 146724646 0 0
# scanned=374218
# found=6
# cleaned=6
# scan_time=9462
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir"
sh=58E82B640AB36A3760718DA774DC643FA6C80CB3 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Users\Jeremy\AppData\Local\Mozilla\Firefox\Profiles\dhnicim3.default\Cache\3\59\A1F22d01"
sh=9DC6F9C3C531D3149D3AE93B2C4F4ED43FEF4DA5 ft=1 fh=7c2cb7f17ce065a3 vn="a variant of MSIL/Adware.Colooader.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeremy\AppData\Local\Temp\81b4e5ac-08c6-4b59-b269-93b42343ddc6.exe"
sh=FA064A28A6DE53A1A3DD8E98AD8FF096FA8E0E96 ft=1 fh=15b4c317be97f4e3 vn="a variant of MSIL/Adware.Colooader.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeremy\Downloads\avira-2-0-1-4 (1).exe"
sh=FA064A28A6DE53A1A3DD8E98AD8FF096FA8E0E96 ft=1 fh=15b4c317be97f4e3 vn="a variant of MSIL/Adware.Colooader.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeremy\Downloads\avira-2-0-1-4.exe"
sh=8D45B9F5D258A2F56926A5D82C071D488E255676 ft=1 fh=05f228728ac67fd1 vn="a variant of Win32/AdWare.iBryte.S application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeremy\Downloads\Player-Chrome.exe"

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 19th March 2014, 1:52 am

Could you please update and run MBAM again?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 19th March 2014, 10:59 am

Malwarebytes Anti-Malware 1.75.0.1300
[You must be registered and logged in to see this link.]

Database version: v2014.03.19.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Jeremy :: JEREMYLAPTOP [administrator]

3/18/2014 11:09:47 PM
mbam-log-2014-03-18 (23-09-47).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 636693
Time elapsed: 2 hour(s), 34 minute(s), 34 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe (PUP.Optional.ReMarkit.A) -> 1440 -> Delete on reboot.
C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe (PUP.Optional.ReMarkIt.A) -> 2792 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 31
HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GigaClicks Crawler (PUP.Optional.GigaClicks.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoCreateAsync (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoCreateAsync.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreClass (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreClass.1 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreMachineClass (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreMachineClass.1 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CredentialDialogMachine (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CredentialDialogMachine.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachine (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassSvc (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.ProcessLauncher (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.ProcessLauncher.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3COMClassService (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3COMClassService.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachine (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachine.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachineFallback (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebSvc (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebSvc.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\consumerinput_update (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Re-markit (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\575846f2-b4ed-4f88-8eb7-7feb9b153b09 (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0 (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft (PUP.Optional.ReMarkIt.A) -> Delete on reboot.

Files Detected: 41
C:\Users\Jeremy\AppData\Local\3783\a31456.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\GCC\uninstall.exe (PUP.Optional.GigaClicks.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PD2A2PK\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2838OIG\sp-downloader[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJ2RFH08\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\awh9128.tmp (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\dca3f034-3f28-441e-a4e6-6ecab2368c66 (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\f7605fbc-2be7-4bac-a1aa-55dea026f616 (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nse69C5.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nse6D20.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nsjF5C7.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nso6744.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nsoFB64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nsyF847.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\OfertaBundle.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\Ofertaembededstub.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\verifier.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\nso5553\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Re-markit Update.job (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Re-markit_wd.job (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe (PUP.Optional.ReMarkit.A) -> Delete on reboot.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\b.html (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\b.js (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\c.js (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\icon128.png (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\icon16.png (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\icon48.png (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\manifest.json (PUP.Optional.ReMarkit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\157.crx (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\157.dat (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\157.xpi (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\a.db (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\b.db (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Re-markit157.bin (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Re-markit157.ini (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe (PUP.Optional.ReMarkIt.A) -> Delete on reboot.
C:\Program Files (x86)\Re-markit-soft\ReMar.exe (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Sqlite3.dll (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Re-markit-soft\Uninstall.exe (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.

(end)

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 19th March 2014, 4:31 pm

pop ups seem to be gone, computer is now pretty laggy. I'm getting a lot of "(not responding)" messages in the programs I am running. Things are slow to respond. Also, the computer has unexpectedly shut down on me once today while working on it.

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 19th March 2014, 5:14 pm

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 19th March 2014, 7:25 pm

ComboFix 14-03-19.01 - Jeremy 03/19/2014 14:33:04.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2613 [GMT -4:00]
Running from: c:\users\Jeremy\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0\23
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0\24
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\background.html
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\crossriderManifest.json
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\manifest.xml
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins.json
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\1_base.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\17_jQuery.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\177_crossriderDashboard.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\182_openUrl.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\183_tabsWrapper.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\21_debug.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\22_resources.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\28_initializer.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\47_resources_background.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\5_notifications.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\64_appApiMessage.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\7_hooks.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\72_appApiValidation.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\userCode\background.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\userCode\extension.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\actions\1.png
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon128.png
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon16.png
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon48.png
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\chrome.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\cookie.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\message.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\pageAction.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\pageActionBG.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\background.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\app_api.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\bg_app_api.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\consts.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\cookie_store.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\crossriderAPI.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\delegate.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\events.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\extensionDataStore.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\installer.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\logFile.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\logging.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\onBGDocumentLoad.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\popupResource\newPopup.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\popupResource\popup.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\reports.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\storageWrapper.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\updateManager.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\util.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\xhr.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\main.js
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\manifest.json
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\popup.html
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\version.json
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0.localstorage-journal
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0.localstorage
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Jeremy\AppData\Local\Temp\{8862ACC6-38CC-48AA-B4DC-9125EE98F461}\{98404919-33EC-42EA-A9FA-44A06B399B14}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D2C74833-B155-49F7-9F08-5F3806E2D84F}.xps
c:\users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D924AFFF-E742-45F2-914C-723CBF13C6CD}.xps
.
.
((((((((((((((((((((((((( Files Created from 2014-02-19 to 2014-03-19 )))))))))))))))))))))))))))))))
.
.
2014-03-19 18:46 . 2014-03-19 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-19 18:46 . 2014-03-19 18:46 -------- d-----w- c:\users\Sara\AppData\Local\temp
2014-03-19 18:46 . 2014-03-19 18:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-03-18 19:36 . 2014-03-18 19:36 -------- d-----w- c:\program files (x86)\ESET
2014-03-17 19:08 . 2014-03-17 20:16 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-17 02:36 . 2014-03-18 23:26 -------- d-----w- c:\program files (x86)\SpeedFan
2014-03-17 00:52 . 2014-03-17 00:52 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Oracle
2014-03-16 18:42 . 2013-12-19 01:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-16 16:55 . 2014-03-16 16:55 -------- d-----w- c:\windows\ERUNT
2014-03-16 16:50 . 2014-03-16 16:50 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Avira
2014-03-16 16:49 . 2013-12-09 15:37 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-03-16 16:49 . 2013-12-09 15:37 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-03-16 16:49 . 2013-12-09 15:37 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-03-16 16:49 . 2013-12-09 15:37 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-03-16 16:49 . 2014-03-16 16:49 -------- d-----w- c:\programdata\Avira
2014-03-16 16:49 . 2014-03-16 16:49 -------- d-----w- c:\program files (x86)\Avira
2014-03-16 16:40 . 2014-03-19 10:55 -------- d-----w- c:\users\Jeremy\AppData\Local\GCC
2014-03-16 16:40 . 2014-03-19 10:55 -------- d-----w- c:\users\Jeremy\AppData\Local\3783
2014-03-16 14:08 . 2014-03-16 14:11 -------- d-----w- C:\AdwCleaner
2014-03-14 13:09 . 2014-03-14 13:09 5777288 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-14 11:27 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-14 11:27 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-14 11:27 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-14 11:27 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-14 11:26 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D3C56C0-F56C-4370-8421-6F237D740F0F}\mpengine.dll
2014-02-25 18:28 . 2014-02-25 18:28 -------- d-----w- c:\windows\Migration
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 16:39 . 2011-07-08 11:19 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-14 13:09 . 2012-05-02 11:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-14 13:09 . 2011-07-11 12:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-24 23:09 . 2014-02-13 14:11 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-13 14:11 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-14 14:42 548864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-14 14:42 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-22 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-03-17 689744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
c:\users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
3;2 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
S2 Guard Agent;Guard Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 21:39 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 13:10]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 01:36]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 01:36]
.
2014-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048983874-3147870858-1501911587-1002Core.job
- c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 12:49]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048983874-3147870858-1501911587-1002UA.job
- c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 12:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
DPF: {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\dhnicim3.default\
FF - ExtSQL: 2014-03-16 12:39; {6e2a11d1-1853-4cd5-8568-23bab0f50bdb}; c:\program files (x86)\Re-markit-soft\157.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run- - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
AddRemove-Consumer Input Installer - c:\program files (x86)\Consumer Input\CIuninstall.exe
AddRemove-{F25146ED-8C9C-4D92-B26D-7B40AE34EA66}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-19 14:50:29
ComboFix-quarantined-files.txt 2014-03-19 18:50
.
Pre-Run: 339,121,324,032 bytes free
Post-Run: 340,946,182,144 bytes free
.
- - End Of File - - E3B3023E5F62DFA2FAE976ACDFF96A74

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 19th March 2014, 11:02 pm

Ok, could you please give me an update on your computer? Did Speedfan find any abnormal temps?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 20th March 2014, 1:17 pm

Things seem to be better. How would I know if the temps were abnormal? I haven't seen any messages from speedfan.

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 20th March 2014, 2:06 pm

it just shut down again...

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 20th March 2014, 4:52 pm

How would I know if the temps were abnormal? I haven't seen any messages from speedfan. .
Speedfan should highlight any abnormal temperatures with, I believe, flames. We need to check those temps.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 20th March 2014, 5:06 pm

in that case,yes!

(blue arrow pointing down) HD0: 26 C
(flame) Temp1: 74C
(flame) Core 0: 75C
(flame) Core1: 63C

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 20th March 2014, 5:50 pm

[You must be registered and logged in to see this link.] wrote:in that case,yes!

(blue arrow pointing down) HD0: 26 C
(flame) Temp1: 74C
(flame) Core 0: 75C
(flame) Core1: 63C
That's what is shutting down your computer. It's running too hot. Perhaps the fan(s) have stopped working. It will continue to do this until the heating problem is resolved.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 20th March 2014, 6:29 pm

fan is definitely working, I can hear it. maybe it's not working as well as it should..

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 20th March 2014, 7:32 pm

[You must be registered and logged in to see this link.] wrote:fan is definitely working, I can hear it. maybe it's not working as well as it should..
That's possible or it could be dusty inside.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by jeremypc on 20th March 2014, 8:24 pm

I researched it a little. seems toshibas are known for getting dirty/clogged inside. shop-vac-ed it and temps came down to around 50C...still some flame symbols...but much cooler. may need to take it apart to clean more thoroughly. I think all else is fixed now. thanks for you help!!!!

jeremypc
Intermediate
Intermediate

Posts Posts : 142
Joined Joined : 2010-01-21
OS OS : windows xp home
Points Points : 27303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My computer keeps shutting down when I'm using it.

Post by Superdave on 20th March 2014, 10:52 pm

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum