Computer shut down unexpectedly

paulcheung

Hi,
I have this Gateway MX6214 laptop computer that I use to surf the internet, read the computer forums, etc.
A few days ago it shut itself down a few times and Windows couldn't start on more than one occasion; it had to do 2 system restores before it started back. It still shut itself down a few times today. I am wondering if it caught a virus or has hardware issues. I scanned it with Malwarebytes and found nothing; below is the log. Please look at it to see if I got any virus.
Thank you.
Paul
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4323

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/07/2010 08:50:54 PM
mbam-log-2010-07-18 (20-50-54).txt

Scan type: Quick scan
Objects scanned: 130417
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:47:13 PM, on 18/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\NILaunch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\lotus\organize\easyclip.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ken Chun Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AXGQJPTL\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Net-It Launcher] C:\Windows\system32\NILaunch.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\KENCHU~1\AppData\Local\Temp\NERO13820\setupx.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKCU\..\Run: [cdloader] "C:\Users\Ken Chun Cheung\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

--
End of file - 7100 bytes
 
The only entry I'm concerned about is this one.

O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\KENCHU~1\AppData\Local\Temp\NERO13820\setupx.exe"

Malware/viruses like to reside in the local temp folders as well. Did you get this program from a legit site or from uTorrent, which I see you have installed?

Have you tried installing Nero and couldn't finish? If so, then you're fine.

As far as the system shutting down, check the event viewer for any entries explaining why.
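
The check made in the reply above, written out as an added example that is not part of the original thread: it parses HijackThis O4 autorun lines (sample lines copied from the posted log) and flags entries that launch from a temp folder. Extending the check to other user-writable profile folders, the regexes and the reason labels are assumptions of this example.

```python
import re

# Sample O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\KENCHU~1\AppData\Local\Temp\NERO13820\setupx.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKCU\..\Run: [cdloader] "C:\Users\Ken Chun Cheung\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
'''

# Registry Run-key entries: O4 - HKLM\..\Run: [name] command line
RUN_RE = re.compile(r'^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Startup-folder shortcuts: O4 - Global Startup: name.lnk = target
STARTUP_RE = re.compile(r'^O4 - (?:Global )?Startup: (?P<name>.+?\.lnk) = (?P<cmd>.+)$')

# Locations any user-level process can write to (assumed list, most specific first).
RISKY = [
    (re.compile(r'\\(?:temp|tmp)\\', re.I), 'temp folder'),
    (re.compile(r'\\Temporary Internet Files\\', re.I), 'browser cache'),
    (re.compile(r'\\AppData\\', re.I), 'user-writable profile folder'),
]

def exe_path(cmd):
    """Return the program path from a command line, quoted or unquoted."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|dll))\b', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd

def review_autoruns(log_text):
    """Return (entry name, program path, reason) for autoruns worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue  # not an O4 autorun line
        target = exe_path(m.group('cmd'))
        for pattern, reason in RISKY:
            if pattern.search(target):
                findings.append((m.group('name'), target, reason))
                break
    return findings

if __name__ == '__main__':
    for name, target, reason in review_autoruns(SAMPLE_LOG):
        print(f'{name}: {target} ({reason})')
```

A hit only means the entry deserves a closer look at where the program came from; it is not a verdict that the file is malicious.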
 
Thanks John, I don't remember if the installation was stopped the first time. It is a trial version from one of the uTorrent sites. So do you think it is a virus? This program was installed a few weeks ago; this just happened 2 days ago. Would the virus stay inactive for a while and then start?
When I ran HijackThis, it did stop and say "for some reason the system denied the access write to the host file" and told me to use Notepad to edit the host file. At the bottom of it, it says for Vista simply close HijackThis and right-click on the icon and run as administrator, but when I tried Notepad it said I don't have the permission to write in the folder and must consult the system administrator. When I right-click on the icon it does not have any option to run as administrator. Is HijackThis compatible with Windows 7? When I ran it on the compatibility issue and ran it as XP compatible, it didn't stop.
Any idea?
Thanks again.
Paul
 
Hi Paul,

It seems that this is a hardware issue of the CPU overheating. You said that the Windows OS did not start? This happens when your computer fans are clogged up with dust so they either don't spin or are blocked so no air passes between them.
The system hardware has a fail-safe that shuts down the computer suddenly to prevent a fire breaking out or a melted computer.
Does your computer (laptop/desktop) reside in a dusty or dirty environment?

I'm not available often (uni ele/avi studies), so can someone continue this?

Wish you the best from the Pacific. Great work, John.
 
HijackThis is compatible with Windows 7, and you should right-click on HijackThis and click on Run as administrator. If that option isn't available, then I don't know.

Have you looked in Event Viewer to see if there are any entries telling you what's wrong?

You can download, update and run SUPERAntiSpyware to see if it finds anything.
http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
 
The Event Viewer said the system shut down due to a critical thermal event. The source is Kernel-Power; I guess it is overheating. But the strange thing is that on Sunday afternoon I manually went to the temp folder and deleted the files, and went to the registry and deleted the entry. It hasn't happened again since.
Thank you,
Paul
 
I suggest getting the thermal paste checked; the same thing happened to my PC. I got the thermal paste reapplied and it's working fine.
 
Thermal paste/compound/grease is a must for all processors:
From wiki (credits wiki): Both high power handling transistors, like those in a conventional audio amplifier, and high speed integrated circuits, such as the central processing unit (CPU) of a personal computer, generate sufficient heat to require the use of thermal grease in addition to the heatsink. High temperatures cause semiconductors to change their switching properties to the point of failure while CPU power dissipation overheating causes logic errors as heat raises electrical resistance on the multi-nanometer wide circuits of the CPU core.

When a cooling unit is installed over the CPU, there will almost always be gaps between them which are filled with air.
FACT (credits to wiki): air being approximately 8000 times less efficient at conducting heat than thermal paste.

I recommend anyone who has a computer use VERY GOOD QUALITY thermal compound, as it is the most important and most easily overlooked part of your CPU cooling system. It is the thing that transfers heat energy from your CPU to the cooling system; without it, THE COOLING SYS HAS NOTHING TO COOL. It consists of an alloy of high-conductivity elements that work together to create a grease-like substance.

http://en.wikipedia.org/wiki/Thermal_grease

You should never uninstall your heat sink if you don't have thermal paste on hand, because it hardens to form an excellent conducting layer that fills all the gaps between the cooling unit and CPU. When it is broken (cooling system removal results in this) it becomes less conductive because the layers have gaps between them.

If THE WORST HAPPENS: USE TOOTHPASTE BUT DON'T exceed 40-30% CPU.

Not everything is a virus.

Glad to see you have solved your problem, but I STRONGLY RECOMMEND YOU CHANGE YOUR THERMAL PASTE AND CLEAN THE INSIDES OF YOUR COMPUTER.

This has happened many times with my clients.
 
It is a laptop; I don't think I want to go in there and fool around unless it is absolutely necessary. I will wait and watch to see what happens later. It has run from Sunday afternoon till now non-stop without any problem, so I will wait.
Thank you.
Paul
 