Computer keeps spontaneously shutting down--could it be a virus???


14 replies to this topic

#1 shakebooty


Posted 03 December 2013 - 06:53 AM

Hi--thanks for your help, first of all.

 

Well, lately my laptop (Gateway--about 4 years old) keeps spontaneously shutting down. I know it's not my battery, which I changed out last year; but also the battery is over 50% when it craps out on me. The laptop isn't hot, so I know it's not overheating. Sometimes the top of my desktop image becomes pixelated when I am working on Movie Maker projects. And then, bam, it shuts down. According to my Microsoft "issue center", I have a problem with my ATI driver but I can't connect to the internet (they say) to find the solution.

 

So I think, hmm---maybe a virus, but Argh! I haven't downloaded any new software in MONTHS, so I don't get why this is happening.

 

 

I ran a Malwarebytes scan and it claimed that the Freeware program and the FreeYouTube downloader were PUP files that I should remove. (I use those programs almost daily, so I don't want to delete them. Do I really have to? Can you offer an alternative, preferably a FREE one?)

 

Here is the log from a quick scan:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.03.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Owner :: OWNER-PC [administrator]
 
12/3/2013 4:39:22 AM
MBAM-log-2013-12-03 (04-48-39).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216716
Time elapsed: 9 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\Users\Owner\AppData\Local\Temp\FreemakeVideoConverter_4.1.1.4.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Owner\Downloads\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Owner\Downloads\FreeYouTubeDownloaderInstallerIC.exe (PUP.Optional.Wajam.A) -> No action taken.
 
(end)
 

 

 

I did not remove these files since I still want to use the software. Maybe there is a way to extract its "maliciousness" and I can still use the service they provide???

 

 

I also ran TDSSKiller and it said no threats found. 

 

Anyhow, not sure if this is a virus or just my laptop nearing its final stages, but I'd like to think that it is something that can be fixed. Thanks for your help!! 

 

 

 

 

 




 


#2 shakebooty


Posted 06 December 2013 - 06:51 PM

Lately I haven't had any issues with my screen---only if I open MovieMaker. I can watch videos and other streaming content fine, but if I do anything with this program, then my computer gets weird.

Looking forward to your response--seems like it's been several days and no one has attempted to help.



#3 HelpBot


Posted 08 December 2013 - 06:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/516195 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 shakebooty


Posted 08 December 2013 - 07:29 AM

Here is the log:
 
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 6/14/2010 5:27:46 PM
System Uptime: 12/8/2013 1:48:23 AM (4 hours ago)
.
Motherboard: Gateway         |  | SJV50TR                        
Processor: AMD Athlon™ II Dual-Core M320 | Socket S1G3 | 798/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 334.943 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP250: 11/23/2013 7:23:48 PM - Windows Update
RP251: 11/27/2013 4:26:30 PM - Windows Update
RP252: 12/1/2013 3:40:27 PM - Windows Update
RP253: 12/2/2013 6:27:04 AM - Windows Backup
RP254: 12/2/2013 6:55:39 AM - Windows Update
RP255: 12/3/2013 3:49:10 AM - Windows Update
RP256: 12/3/2013 6:08:31 AM - Windows Update
RP257: 12/4/2013 3:37:44 AM - Windows Update
RP258: 12/4/2013 7:03:30 AM - Windows Update
RP259: 12/6/2013 4:19:04 AM - Windows Update
RP260: 12/6/2013 6:42:56 AM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
???????????
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
ATI Catalyst Install Manager
Backup Manager Basic
Bonjour
Broadcom Gigabit NetLink Controller
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chinese Simplified Fonts Support For Adobe Reader X
Cisco WebEx Meeting Center for Firefox or Chrome
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
Conexant HD Audio
D3DX10
DJ_SF_06_D1600_SW_Min
DropBox
EasyMP Network Projection Ver.2.77
Epson USB Display
Facebook Video Calling 1.2.0.287
Foxit PDF Editor
Free YouTube Downloader 3.5.157
Freemake Video Converter version 4.1.1
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Drive
Google Earth Plug-in
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
HDAUDIO Soft Data Fax Modem with SmartCP
HP Deskjet D1600 Printer Driver 14.0 Rel. 6
iCloud
Identity Card
iTunes
Java 7 Update 25
Java Auto Updater
Jing
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Movie Maker
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Norton DNS
Photo Common
Photo Gallery
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Revo Uninstaller Pro 3.0.5
Riverpoint Writer
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Skype Toolbars
Skype™ 5.10
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Web Camera
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
WiTopia
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
12/8/2013 1:48:41 AM, Error: atikmdag [52236]  - CPLIB :: General - Invalid Parameter
12/8/2013 1:48:41 AM, Error: atikmdag [43029]  - Display is not active
12/6/2013 6:25:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Norton DNS service.
12/6/2013 4:46:26 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{7D75E6D8-5F38-470D-9B0B-5E195A7F6055} because another computer on the network has the same name.  The server could not start.
12/6/2013 4:21:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
12/6/2013 4:19:52 AM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{09B8CACB-F860-41F7-8EFB-7946CAAD829F} because another computer on the network has the same name.  The server could not start.
12/3/2013 5:42:27 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
12/3/2013 4:09:10 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{D218865E-178F-4DCF-A851-7EEFA70B282C} because another computer on the network has the same name.  The server could not start.
.
==== End Of File ===========================


#5 shakebooty


Posted 08 December 2013 - 08:17 AM

Oops, forgot to post this log too.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16428
Run by Owner at 5:05:36 on 2013-12-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3838.2327 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe
C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\IcbcDaemon_64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\WiTopia\WiTopia.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Users\Owner\Desktop\Norton DNS\NortonDNSTray.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\WiTopia\WiTopiaService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Users\Owner\Desktop\Norton DNS\NortonDNSSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DropBox\DropBox\DropBox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WiTopia\Resources\openvpn.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wermgr.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: ICBC Anti-Phishing class: {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [WiTopia] C:\Program Files\WiTopia\WiTopia.exe
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DropBoxUtility] "C:\Program Files (x86)\DropBox\DropBox\DropBox.exe" /s
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NORTON~1.LNK - C:\Users\Owner\Desktop\Norton DNS\NortonDNSTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{05241014-DA4B-4C1E-B9C6-47A885FDB640} : NameServer = 10.118.0.1
TCP: Interfaces\{12DB63F1-A16B-47FE-8CD0-68A1FE04EBEA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{20F3934F-0B42-4CA0-843C-D564F8661D4E} : DHCPNameServer = 10.118.0.1
TCP: Interfaces\{381DBF66-1DF6-40D3-9AD6-9D207654C27D} : NameServer = 10.118.0.1
TCP: Interfaces\{6310256B-858B-4494-B4CB-731BB08E36CD} : NameServer = 10.118.0.1
TCP: Interfaces\{667FB58C-4F36-4DCE-B710-6E4079CEB545} : NameServer = 198.153.192.1,198.153.194.1
TCP: Interfaces\{667FB58C-4F36-4DCE-B710-6E4079CEB545} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{667FB58C-4F36-4DCE-B710-6E4079CEB545}\348696E616E45647D235471627265736B637 : NameServer = 198.153.192.1,198.153.194.1
TCP: Interfaces\{667FB58C-4F36-4DCE-B710-6E4079CEB545}\348696E616E45647D235471627265736B637 : DHCPNameServer = 221.228.255.1 218.2.135.1
TCP: Interfaces\{667FB58C-4F36-4DCE-B710-6E4079CEB545}\3547574656E647 : DHCPNameServer = 10.254.100.22 10.212.100.22
TCP: Interfaces\{667FB58C-4F36-4DCE-B710-6E4079CEB545}\97F65727E6564777F627B6E616D656 : NameServer = 198.153.192.1,198.153.194.1
TCP: Interfaces\{667FB58C-4F36-4DCE-B710-6E4079CEB545}\97F65727E6564777F627B6E616D656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{667FB58C-4F36-4DCE-B710-6E4079CEB545}\A6279716E6 : NameServer = 198.153.192.1,198.153.194.1
TCP: Interfaces\{667FB58C-4F36-4DCE-B710-6E4079CEB545}\A6279716E6 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{667FB58C-4F36-4DCE-B710-6E4079CEB545}\B49627368626562776 : NameServer = 198.153.192.1,198.153.194.1
TCP: Interfaces\{667FB58C-4F36-4DCE-B710-6E4079CEB545}\B49627368626562776 : DHCPNameServer = 213.42.20.20 195.229.241.222
TCP: Interfaces\{9989774F-AAD5-4F6D-A720-330CA1CF4576} : NameServer = 10.118.0.1
Handler: KuGoo - <Clsid value has no data>
Handler: KuGoo3 - <Clsid value has no data>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ICBC Anti-Phishing class: {8BCB0605-D909-4c3b-B490-DEFE88BA95FA} - C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\Icbc_AntiPhishing_64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: KuGoo - <Clsid value has no data>
x64-Handler: KuGoo3 - <Clsid value has no data>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5w89rfae.default-1374334295457\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-13 203264]
R2 EMP_NSWLSV;EMP_NSWLSV;C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe [2012-9-18 98304]
R2 EMP_UDSA;EMP_UDSA;C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [2012-9-18 157696]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-4-12 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 ICBC Daemon Service;ICBC Daemon Service;C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\IcbcDaemon_64.exe [2013-6-14 545416]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-16 701512]
R2 Norton DNS;Norton DNS;C:\Users\Owner\Desktop\Norton DNS\NortonDNSSvc.exe [2010-10-13 97664]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-29 240160]
R2 WiTopiaService;WiTopia Service;C:\Program Files\WiTopia\WiTopiaService.exe [2013-2-9 63576]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-4-12 292864]
R3 EMP_MIRRUD;EMP_MIRRUD;C:\Windows\System32\drivers\EMP_MirrUD.sys [2012-9-18 5632]
R3 eppvad_simple;EPSON Projector UD Audio Device;C:\Windows\System32\drivers\EMP_UDAU.sys [2012-9-18 23040]
R3 EPPVAD2_simple;EPSON Projector ENP Audio Device;C:\Windows\System32\drivers\EMP_NSAU.sys [2012-9-18 23040]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-16 25928]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-4-12 34872]
R3 visctap0901;Viscosity Virtual Adapter V9.1;C:\Windows\System32\drivers\visctap0901.sys [2013-2-9 38856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-6 111616]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-10 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-7-17 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-29 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-19 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-10 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-12-08 00:55:17 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3655E5C-6906-44C3-BDD4-7F2E5645933D}\mpengine.dll
2013-12-06 23:54:59 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BE1C83D3-5601-4519-B51E-B702D61E429F}\gapaengine.dll
2013-12-06 23:54:36 10285968 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-06 13:44:59 97880 ----a-w- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll
2013-12-04 12:32:56 -------- d-----w- C:\Program Files (x86)\DropBox
2013-12-02 14:06:33 -------- d-----w- C:\Windows\Migration
2013-12-02 12:29:25 -------- d-----w- C:\ProgramData\Freemake
2013-12-02 12:29:04 -------- d-----w- C:\Program Files (x86)\Freemake
2013-11-13 13:45:18 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 13:45:18 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-13 13:45:11 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-13 13:45:06 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-13 13:45:05 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-13 13:45:05 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 13:45:05 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-13 13:45:04 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-13 13:45:04 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
.
==================== Find3M  ====================
.
2013-12-06 13:44:59 74240 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-10 00:21:01 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-10 00:21:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 00:20:44 17813896 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-27 16:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 16:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-12 04:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 04:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 04:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2013-09-12 04:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 02:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2013-09-12 02:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2013-09-12 02:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
2013-09-12 02:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2012-06-13 16:23:30 893560 ----a-w- C:\Program Files (x86)\Common Files\AutoCompletePro.exe
.
============= FINISH:  5:06:59.26 ===============
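
A triage pass over the SERVICES / DRIVERS section of the log above, as an added example that is not part of the original thread or of the DDS tool. It assumes the usual reading of these entries (R = running, S = stopped, the digit is the start type with 0-2 meaning boot/system/automatic) and lists auto-starting entries whose binary sits outside the Windows and Program Files trees; the function names are hypothetical, and a listed entry is only an unusual install location to check, not a detection.

```python
import re
from typing import List, NamedTuple

# A few entries copied from the log in this thread, plus one constructed
# non-matching line to show that anything else is skipped.
SAMPLE = r"""
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 Norton DNS;Norton DNS;C:\Users\Owner\Desktop\Norton DNS\NortonDNSSvc.exe [2010-10-13 97664]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-16 701512]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-7-17 31800]
this line is not a service entry
"""

class Entry(NamedTuple):
    running: bool   # assumed: R = running, S = stopped
    start: int      # assumed: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    image: str      # binary path with any command-line arguments removed
    modified: str
    size: int

# <state><start> <name>;<display name>;<command line> [<date> <size>]
LINE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# Shortest prefix ending in .exe/.sys/.dll, so "svchost.exe -k X" loses its args.
IMAGE_RE = re.compile(r"(.+?\.(?:exe|sys|dll))(?:\s|$)", re.IGNORECASE)

# Directories that standard users cannot normally write to.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\")

def parse_services(log: str) -> List[Entry]:
    """Parse service/driver lines; lines in any other shape are ignored."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, cmd, date, size = m.groups()
        img = IMAGE_RE.match(cmd)
        entries.append(Entry(state == "R", int(start), name, display,
                             img.group(1) if img else cmd, date, int(size)))
    return entries

def outside_trusted_roots(entries: List[Entry]) -> List[Entry]:
    """Boot/system/auto-start entries whose binary is in an unusual location."""
    return [e for e in entries
            if e.start <= 2 and not e.image.lower().startswith(TRUSTED_ROOTS)]

if __name__ == "__main__":
    for e in outside_trusted_roots(parse_services(SAMPLE)):
        print(f"{e.name}: {e.image} (modified {e.modified}, {e.size} bytes)")
```
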


#6 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:08:34 PM

Posted 09 December 2013 - 04:34 PM

Greetings shakebooty and Welcome to the forums,

Freemake VideoConverter isn't likely the issue, nor would the YouTube Download "helper" either be so concerning...but WHERE you downloaded these from could very well be why mbam is screaming about them. I use them both and I also have mbam with real time protection active. Never has mbam complained of them and I have the settings for mbam such that any and all recognized PUPs would be found, listed and checked for removal.

Do you remember where you downloaded those programs from? If it was cnet, then I would recommend that you uninstall them both and try these download locations:
Firefox addon for YouTube VideoDownload Helper.

Freemake Video Converter 4.1.2.0.
...and by the way, you need to update your software more often (Java is out of date as well).

Please uninstall the version of Java you have, and install the latest version Here.

On your next reply, tell us please where you DID download those two programs, and tell us if you actually use the programs "GoToMeeting" and "DropBox".

Also, please clarify what the computer does when you say it just spontaneously shuts down...that is, does it reboot itself or is it actually closing down all open programs and shuts down completely (you can hear the disk spin down), thanks!


Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#7 shakebooty


Posted 11 December 2013 - 04:59 AM

Thanks so much for the help. I have updated Java--I thought I had the latest version as Windows updater usually notifies me. How else do you know that it is out of date?

I uninstalled both Freemake and Free YouTube downloader--I am sure I downloaded it from cNet, but can't exactly remember. But I downloaded the Video Converter program you suggested and I will try that. I couldn't get the YouTube downloader to work. But maybe it is because it is for Firefox and I use Chrome (I use Google translate feature of Chrome often since I live in China). Is there something else I could try?

As for Dropbox and GoToMeeting, yes, I use those. Dropbox more so than GoToMeeting, but I attend webinars via GTM. Recently I am working on a project with another teacher and so we are using a media sharing website, DropShots, to upload and share videos and pictures and I had to upload this useless DropBox program that is supposed to upload our content quicker. It never worked for me, so now I have to wonder if this is the culprit. I uninstalled it, but how can I be sure it didn't leave a mark? Would MBAM pick it up?

As for my computer, it instantly shuts down and doesn't reboot. And I can't recall hearing my disk running. It's as if my battery died (except it's fully charged), and with no warning, it goes black.

Well, looking forward to the next steps. Many thanks!



#8 1972vet


Posted 11 December 2013 - 09:09 AM

As to your concern about the outdated software, remember, Windows Update is a Microsoft feature and its function/concern is largely for your operating system. There are a sparse few (comparatively speaking) other pieces of installed hardware items along with any other Microsoft product on board that "Windows" might also advise you about available updates during a scan of your system.

To address the other installed software that should be updated, you can download FileHippo's Update Checker.

Double-click the FHSetup.exe file to install it. When the install completes, you'll find the Update Checker shortcut on the desktop. Double-click on it and a scan begins with the results showing in your browser. Any software it finds to be out of date will be presented in your browser. Just click on the download link provided there to download your software updates. Ignore the beta software unless you want that...during the scanner initialization, you can click the settings link, then click the results tab and check the box "Hide beta versions". After clicking the OK button, click the "Retry" link to continue the scan with those settings. Please remember to post back your results to let us know what updates it found for you.

Next, regarding the YouTube download helper...my fault for assuming that you use Firefox. I don't use Chrome so I can't vouch for it but you should be able to find the alternate YouTube video download helper "addon" for Chrome Here.

Next, as for the DropBox uninstall, I wouldn't worry since you uninstalled it. The concern there was due to known security issues with it and not regarding the software itself. Any left over files it may have after the uninstall can simply be deleted using your on board disk clean up manager...or you could use something like CCleaner as well.

OK, on to business then...

Let's get started with the shutdown issue and start with the easy questions first:
1) Are you running the laptop on battery or via the plug-in cord when it shuts down?
2) How much installed RAM does the system have?
3) Does your shutdown issue occur ONLY while you are working with video files...that is, either while viewing a streaming video from the web or working with some on board video file...editing it perhaps?



#9 shakebooty


Posted 12 December 2013 - 06:43 AM

Okay, that's great info. Thanks!

You know I haven't really unplugged my computer much since the last time it happened. When I had my computer unplugged and it went dead, I just thought it was my battery. But then the last time it happened, I actually rebooted it and looked at its battery level before plugging it back in--it had been over 50% charged, so I knew it couldn't be my battery. And it only happened when I was working on video content. Not so much when I was watching streaming videos, but when I was working on movie maker. When I use movie maker, the top half of my screen starts to pixelate after a while and my video content becomes choppy or stutters when it plays. But just the desktop image--not the screen image I am working or with other programs like ppt or word, as well as surfing the internet. I also had Freemake program open, since I was converting files and then adding them to the movie maker project. But Freemake didn't have its image pixelate--really seems isolated to Moviemaker. I hope this is helpful.

By the way, I downloaded the FileHippo, but couldn't get the Chrome add-on to download--when I was going through declining the search bars and whatever extra programs they try to promote, it froze up on me--3 times.



#10 1972vet


Posted 12 December 2013 - 09:16 AM

Nothing uses up RAM quicker than video/music files so I still would like to know how much installed RAM there is on that system but of all you had to say, below is what throws up the red flag for me:

"...it only happened when I was working on video content. Not so much when I was watching streaming videos, but when I was working on movie maker. When I use movie maker, the top half of my screen starts to pixelate after a while and my video content becomes choppy or stutters when it plays..."

The only other caveat that might become part of the equation is if you were able to say that this all began suddenly and hasn't worsened over time.

Things that get quirky all of a sudden are usually related to system changes...changes due to one of two things (or both):
1) Malware
2) System updates

So, I'd like you to do the following before your next reply:

STEP 1) Download and run the "free" Personal Software Inspector scan. That web page explains very well what this does and how to use it but please post back with any questions you may have about it before you get started.

STEP 2) Run a complete system scan using the ESET online "Free" scan (instructions rendered below)

Please note that disabling your on board antivirus product is not necessary while you scan with ESET online scanner Here. Click the Run ESET Online Scanner button. Another window will open...here, please accept the agreement, then click the Start button.

When prompted, install the needed software to perform the scan. When it finishes with the install, make sure to check the box titled Scan archives (the Remove found threats box should already be checked by default so PLEASE remove the check from this box).

Next, click the "Advanced Settings" link. Please make sure all boxes are checked except for "Use custom proxy settings", then click the Start button.

When it completes, use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log with your next reply.

So, to summarize all this, step 1 above is to replace our effort to update your software using FileHippo (so you can uninstall that if you like), and step 2 is our effort to ensure this issue does not relate to any malware that might be present.

...and if you have any questions at all please ask before you begin but note that I will be away this morning for a few hours and will return in the early afternoon. Thanks!




#11 shakebooty


Posted 14 December 2013 - 07:12 PM

I have a Gateway NV53, with 4.00 GB, 3.75 are usable. The screen pixelating began suddenly and only happens when I am working on video content. Yeah, I agree because it happened so spontaneously it made me suspect malware.

I tried to do the Personal Software Inspector but the link you sent says it was forbidden by Secunia and so it was not available. I will run ESET now and post the results.



#12 1972vet


Posted 15 December 2013 - 06:17 AM

I've attached a screenshot of my desktop of how Secunia treats me when I click the link from the instruction I provided:

 



Edited by 1972vet, 15 December 2013 - 06:18 AM.



#13 shakebooty


Posted 15 December 2013 - 09:11 AM

ESET scanner said no threats found. hmmm.....I will try the other program now.



#14 shakebooty


Posted 17 December 2013 - 08:22 AM

Still haven't been able to download the Secunia program. Well, that's not true--I got it to download but my computer wouldn't let it run. Any ideas?



#15 1972vet


Posted 17 December 2013 - 09:59 AM

I believe you've had this fairly well narrowed down from the beginning but we did have a need to confirm your suspicions/findings. I think now, we've done so...

As you have found a couple times here, there have been issues with your system's ability to access or run certain programs or online scans. I believe this is due largely to your on board protective software "WinPatrol".

WinPatrol is an excellent piece of software to use and I recommend it, but if one answers incorrectly to any of its queries then problems can accumulate while trying to perform functions or tasks relative to the source of software questioned by WinPatrol's protective feature(s).

So, at this point there are two ways we could attack this and they are:
1) Either boot to safe mode "with networking" and try running the Secunia scan there, or
2) Simply disable WinPatrol from the system tray and try running the Secunia scan

...I might add, your attempt at trying the "FileHippo" updater might also have been due to WinPatrol's  tight rein on the helm.

I do have serious doubts though, that there is any other cause for concern relating to your screen issue during the use of any video manipulation software except for the fact that your video card just might be starting to show signs of its age and/or wear. One other way to determine if this is so would be to try running the offending program also while in safe mode. If your screen issue occurs while in safe mode then I would suspect your video card. If not then it would relate to some piece of software which runs while in normal mode but not while in safe mode.

One last caveat of note is that your access denial to certain web sites could also be related to the use of NortonDNS...so just keep that in mind.

Let us know how it turns out once you've decided which of these suggestions you'd like to experiment with or if (in fact) you would need instructions before you proceed. Thanks!
 






