Author Topic: Suspected Virus  (Read 3849 times)

FredLOMD

  • Guest
Suspected Virus
« on: May 08, 2007, 02:51:13 PM »
Hi, in the past few months I have had trouble with my computer shutting down on me. It does this only when I run a program or game that uses full screen mode (no window) and it always does it 1 or 2 minutes after the program starts. The computer simply turns off abruptly (blank screen, no power). I have run numerous scans for viruses and spyware and have found nothing (spyware cleared out some stuff, as usual, but nothing that was causing the problem). Any help resolving this issue would be greatly appreciated.

System:

Microsoft Windows XP
Professional
Version 2002
Service Pack 2

Computer:
Mobile AMD Athlon(tm) XP-M
Processor 2800+
1.60 GHz, 992 MB of RAM

I have been using AVG free edition and Trend Micro's Sysclean to scan for viruses and Spybot to deal with spyware. In case it makes a difference, my computer uses a built-in graphics card (64mb I think) that struggles with even simple graphics, but this problem has occurred even when no strain on the system was evident. Thanks in advance.

unlovedwarrior



    Guru

  • someday this name will be known
  • Thanked: 13
    Re: Suspected Virus
    « Reply #1 on: May 08, 2007, 02:59:25 PM »
    ok make sure your case is free of dust
    and

    dl
    avg anti-spyware
    superanti-spyware
    adaware se personal
    Ccleaner

    update and do full scans in safe mode

    FredLOMD

    • Guest
    Re: Suspected Virus
    « Reply #2 on: May 08, 2007, 09:37:16 PM »
    Well, I'm beginning to doubt that this is a virus, although I welcome any help in discovering what it really is and how to fix it. I downloaded the recommended programs, brought all their files up to date, and entered safe mode. Here is how it went:

    Ad-Aware: Found and removed some things, mostly cookies.

    AVG Anti-Spyware: Same as Ad-Aware

    Cclean: Cleaned out a pile of files

    Spybot: My computer pulled the shutdown thing on me when this was about 75% through its scan.

    Super AntiSpyware: Same as Spybot except that the shut down came much earlier.

    AVG Anti-Virus: This is where things got weird. My computer has 2 disks. It scanned the first one, which contains windows, without problems but my computer shut down on me part way through scanning the second hard drive (used for storage). I restarted my computer and did a scan again, following where it was scanning up until it crashed, noted the program it was scanning, and removed the program from the system. I then ran Spybot again, and the crashing persisted. At this point I ran AVG scanning specific drives. I first scanned the second drive and the scan completed with no problems and no viruses found. I then had it scan the first drive and it again had no problems completing the scan and found no viruses. Now I ran a complete scan again and the complete scan got through both hard drives without shutting down and found no viruses. So now I ran spybot again and... it shut down as before.

    So, if anyone has any idea as to what could be causing this and how to fix it (or who I should ask about this) it would be a big help. Thanks a lot.

    CBMatt

    • Mod & Malware Specialist


    • Prodigy

    • Sad and lonely...and loving every minute of it.
    • Thanked: 167
      • Yes
    • Experience: Experienced
    • OS: Windows 7
    Re: Suspected Virus
    « Reply #3 on: May 08, 2007, 09:52:45 PM »
    Quote from: FredLOMD
    I restarted my computer and did a scan again, following where it was scanning up until it crashed, noted the program it was scanning, and removed the program from the system.

    What program did you remove?
    Quote
    An undefined problem has an infinite number of solutions.
    —Robert A. Humphrey

    FredLOMD

    • Guest
    Re: Suspected Virus
    « Reply #4 on: May 09, 2007, 12:05:36 AM »
    The program was called Eclipse. It was set up for writing Java, however since my recent classes have been in C and C++ I haven't used it for the last 4 months. I've had it there for over a year so I doubt that it was the problem (as demonstrated by the fact that the problem persists even after I removed the program).

    CBMatt

    • Mod & Malware Specialist


    • Prodigy

    • Sad and lonely...and loving every minute of it.
    • Thanked: 167
      • Yes
    • Experience: Experienced
    • OS: Windows 7
    Re: Suspected Virus
    « Reply #5 on: May 09, 2007, 12:42:57 AM »
    Well, you could post a HijackThis log just for the heck of it, but I'm not entirely convinced yet that an infection is involved.  It wouldn't hurt to look, though.
    Quote
    An undefined problem has an infinite number of solutions.
    —Robert A. Humphrey

    Ledio



      Beginner

      Re: Suspected Virus
      « Reply #6 on: May 09, 2007, 06:28:28 AM »
      Maybe that was a conflict between hardware that the program used.
      What devices did you use for that program???
      Ledio

      FredLOMD

      • Guest
      Re: Suspected Virus
      « Reply #7 on: May 09, 2007, 10:51:57 AM »
      Eclipse was a programming interface so it would have used all the devices that most programs that edit text use (mouse, keyboard, etc.) I seriously doubt that it was causing any problems. I only removed it to see if it would fix anything, and as best I can tell it did not. I think the most likely problem at this point is that all these programs are calling on some file or process somewhere that isn't working right (although I have no idea what it could be).

      Since I can't think of anything better to do right now, here is the log file from the hijackthis scan:

      Code:
      Logfile of HijackThis v1.99.1
      Scan saved at 9:39:12 AM, on 5/9/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\sistray.exe
      C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
      C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.hotmail.msn.com/resources/MsnPUpld.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

      FredLOMD

      • Guest
      Re: Suspected Virus
      « Reply #8 on: May 09, 2007, 05:38:30 PM »
      Well, computers are crazy things aren't they. In the last little while I've been uninstalling and reinstalling drivers for various parts of my computer to see if any of them were causing the problem. None of that worked.

      Eventually I gave up, hauled my computer outside, and cleaned all the dust out of it. Suddenly, it's all working. Some little piece of dust somewhere must have been causing a problem that was only encountered by certain programs when interacting with a certain area of the computer.

      Thanks for your help everyone.

      unlovedwarrior



        Guru

      • someday this name will be known
      • Thanked: 13
        Re: Suspected Virus
        « Reply #9 on: May 09, 2007, 09:13:16 PM »
        ok make sure your case is free of dust
        and

        dl
        avg anti-spyware
        superanti-spyware
        adaware se personal
        Ccleaner

        update and do full scans in safe mode

        lol

        CBMatt

        • Mod & Malware Specialist


        • Prodigy

        • Sad and lonely...and loving every minute of it.
        • Thanked: 167
          • Yes
        • Experience: Experienced
        • OS: Windows 7
        Re: Suspected Virus
        « Reply #10 on: May 10, 2007, 05:58:35 AM »
        Glad to hear you got it sorted out.  Your log looks clean, by the way.
        Quote
        An undefined problem has an infinite number of solutions.
        —Robert A. Humphrey
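
Added example (not part of the thread, and not HijackThis's own code): the log in Reply #7 lists WLService.exe under "Running processes" while its O23 service line is marked "Unknown owner" and "(file missing)". The sketch below parses a HijackThis-style log, counts entries per section, and cross-checks each flagged entry against the process list so a reviewer knows what to verify by hand. The function names and the wording of the notes are this example's own assumptions.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted in Reply #7 (lines copied from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
EXE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.I)  # first .exe path in an entry

def parse(log):
    """Split a log into the running-process list and (section, detail) entries."""
    procs, entries, in_procs = [], [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif (m := ENTRY.match(line)):
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            procs.append(line)
    return procs, entries

def triage(log):
    """Return per-section counts and entries a reviewer should look at by hand."""
    procs, entries = parse(log)
    running = {p.lower() for p in procs}
    notes = []  # note wording is this example's own, not HijackThis output
    for code, detail in entries:
        if "(file missing)" in detail or "Unknown owner" in detail:
            exe = EXE.search(detail)
            live = bool(exe) and exe.group(0).lower() in running
            notes.append((code, exe.group(0) if exe else detail,
                          "binary is running; check ImagePath quoting" if live
                          else "binary not in process list; verify on disk"))
    return Counter(c for c, _ in entries), notes
```

Calling triage(SAMPLE_LOG) yields one note, for the WMP54Gv4SVC line, reporting that the binary is in the process list.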