New Gateway shuts down without warning

Discussion in 'Windows - Virus and spyware problems' started by josiepop, Nov 24, 2009.

  1. josiepop

    josiepop Member

    Joined:
    Aug 8, 2005
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    Thanks in advance for reading and any help--I love AfterDawn and can usually find the solution to my problems without even posting a new thread.



    Specs:
    Gateway LX6810-01
    Intel Core 2 Quad CPU Q8200 2.33 GHz
    8G RAM
    64 Bit
    Service Pack 1
    Windows Vista Home Premium

    I'm trying to fix a friend's computer. It is new and hasn't been used too much. It shuts down by itself, with no warning. There is no popup dialogue or anything. It won't stay on long enough to run Super Antispyware, but a quick scan with Malwarebytes Anti-Malware only showed a tracking cookie. Since it is 64 bit, I haven't used ComboxFix.

    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:09:14 PM, on 11/24/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\MHotKey.exe
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
    C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
    C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Windows\ChiFuncExt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=lx6810-01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=lx6810-01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=lx6810-01
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EEventManager] "C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [EPSON Artisan 800 Series] "C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMA.EXE" /FU "C:\Windows\TEMP\E_SA0A7.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: SmartCopy.lnk = C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
    O4 - Global Startup: SmartLauncher.lnk = C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8076 bytes


    I'm wondering if it is a virus problem at all. From several searches, I've seen ideas of a bad PSU. I checked the settings and saw this:

    CPU Temp: 33c/91f
    System Temp: 39c/102f
    CPU Fan Speed: 1308-1350 RPM
    System Fan Speed: N/A

    Thanks again for any help!
     
  2. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    Well there are many things that can cause this problem. I just took a quick look at the HjT log, and didn't notice anything that was a problem.

    Your temps are good on the machine, but this doesn't mean that the system fans are working properly. I had a similar problem on one of my PC's, so I opened the case to ensure that everything was running. I noticed that my CPU fan was spinning, but was not spinning very fast. I placed my finger lightly against it and it came to a stop!! I would also ensure that the PSU is working properly as high temps will cause a shutdown.

    If your fans are running well, then boot into safe mode and see if you can run SUPERAntiSpyware. If the machine does not turn off in safe mode then we will know that it is a virus that is the cause of the problem.

    You may also download Speedfan to keep an eye on your temps. http://www.almico.com/speedfan.php

    Another nice little tool to have is EndItAll2. http://www.docsdownloads.com/enditall-1.htm

    EndItAll will allow you to view all running processes on your machine and kill anything that should not be running. Be sure to google a file if you are not sure what it is.

    Hopefully you will be able to get the computer fixed pretty fast. If you are still having problems, then let me know and I will take the time to give the HjT log a closer look.
     
  3. josiepop

    josiepop Member

    Joined:
    Aug 8, 2005
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    Thanks very much. I'm sorry it took so long to reply. I ended up giving the computer back before I got a response here. I did get it fixed. I can't say I did anything differently, just kept persisting with running the software. Renaming the installation files before running them did help, and so did running it out of safe mode. I will keep your advice handy for next time. Thanks again!!
     

Share This Page