Shutdown Problem on Windows ME


Post by goodtaste » Tue Jun 15, 2004 2:26 am

Hi! I am new to this forum so I want to greet everyone! :wink:
I hope someone can help me. I was severely invaded by adware and it got to be so bad I had to send my computer to the shop. It was even partitioned! Most of it is gone but these are hanging tough:

HuntBar
DSO Exploit
Look2Me

Now, I have Spybot (updated) and Ad-aware and I ran them this morning, and HuntBar is not picked up by either now, only DSO Exploit and Look2Me. I used to get a lot of Rundll32 errors throughout the day and the machine would freeze. I had to restart it at least 3 or 4 times a day.

Examples:

Rundll32 has caused an error in UCBUI.DLL
Rundll32 will now close

Rundll32 has caused an error in BPIEN.DLL
Rundll 32 will now close

Rundll32 has caused an error in RACLTS5.dll
Rundll32 will now close

And many others.

I would also get a lot of IE errors (By the way I have Windows ME and run Explorer 6.0)

Such as:
Explorer has caused an error in UCBUI.DLL
Explorer will now close

Now I'm not getting so many. But I have a very bad problem and it's that when I try to shutdown at the end of my day, I get a menu that says the system is not responding. If I insist on shutting it down, it gives me a blue screen that reads as follows:

Windows
An error has occurred. To continue: Press enter to return to Windows or Press ctrl + alt + del to restart your computer. If you do this, you will lose any unsaved information in all open applications.

File Name: VWI32 (05)+ 000012DO Error: OE: 0028: CO2A44A8
Press any key to continue

(I went to Microsoft, Windows ME home page and they couldn't tell me anything, but the automated response said that was an Outlook Express error, yet my Outlook Express works fine.)
If I continue insisting that the machine will shutdown, it will go into a black screen with a white cursor blinking on the upper left side of it. It hibernates there forever until I, exhausted, shut it down cold.

I know I cannot go on like this forever. What can I do?

I cannot use System Restore because it would wipe out some software I bought online (Natata eBook Compiler and some other stuff for which I have no backups), and I already checked the power settings and I have hibernate never! Is it the Look2Me?
If you are wondering, I am now behind a firewall and they cannot access the machine like they used to.
Thank you for any help! :oops:
Clotilde
http://www.ieasysite.com/Delicioso
Mediterranean/Caribbean-style cooking for vegans and vegetarians
http://www.frontiernet.net/~rexfam
Great Christian encouragement for cloudy days.

One more thing. . .

Post by goodtaste » Tue Jun 15, 2004 2:54 am

Sorry to do it this way, I just wanted to add something else as a way of information to narrow the field:
I went to Housecall and the result of a scan of my computer was:

No Virus Alert
There are no medium or high risk alerts at this time.

Norton Antivirus, which I have, gives me no alerts either. So I think it's still the adware.
Thanks!

Post by brad » Tue Jun 15, 2004 8:56 am

You've got a Trojan.
Download and install: HiJackThis. Now Run it and post a copy of the Log File here.
(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders. This is where it will save the backup files needed if there's a problem.)

brad
"Duty is a matter of the mind. Commitment is a matter of the heart".

HijackThis Log

Post by goodtaste » Fri Jun 18, 2004 12:57 am

Thank you for your advice.
Here's my HijackThis log file:

Logfile of HijackThis v1.97.7
Scan saved at 5:08:37 PM, on 6/16/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\PROGRAM FILES\SEEK ADMIN BEND\SUPPORT COAL.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CampTrans] C:\PROGRA~1\Seek Admin Bend\SUPPORT COAL.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...38106.526712963
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

Can you see what's not letting me shutdown? :(

A little bit more of information you might want

Post by goodtaste » Fri Jun 18, 2004 1:15 am

Here's also my VX2Finder Log (for my version of Windows, which is Windows ME)

User Agent String---
{3A7FE963-8EAA-4400-89E4-9BAD73B8937A}

Post by brad » Fri Jun 18, 2004 8:03 am

**(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders. This is where it will save the backup files needed if there's a problem.)**

Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

SUPPORT COAL.exe
WToolsA.exe


Turn off System Restore. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:

SUPPORT COAL.exe ***
WToolsA.exe

O4 - HKLM\..\Run: [CampTrans] C:\PROGRA~1\Seek Admin Bend\SUPPORT COAL.exe - ***Are you sure you want this running? Search "CampTrans". If not, select this to be fixed.
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab


Go to Control Panel / Add/Remove Programs and remove the following if they are there:

WinTools
Seek Admin Bend or COAL
***

Now delete these Folders or Files that are Highlighted: (You may need to enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)

C:\PROGRAM FILES\Seek Admin Bend ***
C:\Program Files\Common files\WinTools

Now, empty your TEMP Folder / Temporary Internet Files Folder and then empty your "Recycle Bin" and reboot.

brad
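A consistency check for the clean-up steps in the reply above, as an added example that is not part of the original thread: before the two folders are deleted, it lists every autorun (O4) entry in a HijackThis log that still points into them, and it notes whether HijackThis itself was run from a TEMP folder. The sample lines are copied from the log posted earlier in the thread; the function names are hypothetical, and treating PROGRA~1 as the short name of Program Files is an assumption.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\PROGRAM FILES\SEEK ADMIN BEND\SUPPORT COAL.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CampTrans] C:\PROGRA~1\Seek Admin Bend\SUPPORT COAL.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""

# The two folders the reply lists for deletion.
FOLDERS_TO_DELETE = [r"C:\PROGRAM FILES\Seek Admin Bend",
                     r"C:\Program Files\Common files\WinTools"]

# Registry autorun line: O4 - <key>: [<value name>] <command>
O4_REG = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")

def norm(path):
    """Upper-case, unquote, and expand the PROGRA~1 short name (assumed alias)."""
    p = path.strip().strip('"').upper()
    return p.replace("\\PROGRA~1\\", "\\PROGRAM FILES\\")

def autoruns(log):
    """Yield (registry key, value name, command) for each O4 registry entry."""
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            yield m.groups()

def references_into(log, folders):
    """Autorun entries whose command starts inside one of the folders."""
    roots = [norm(f) + "\\" for f in folders]
    return [(key, name) for key, name, cmd in autoruns(log)
            if any(norm(cmd).startswith(r) for r in roots)]

def ran_from_temp(log):
    """True if the log lists HIJACKTHIS.EXE running out of a TEMP folder."""
    return any("\\TEMP\\" in l.upper() and l.upper().endswith("HIJACKTHIS.EXE")
               for l in map(str.strip, log.splitlines()))

if __name__ == "__main__":
    for key, name in references_into(SAMPLE_LOG, FOLDERS_TO_DELETE):
        print("still referenced:", key, name)
    print("HijackThis run from TEMP:", ran_from_temp(SAMPLE_LOG))
```

A log saved after the fix should make references_into return an empty list; the CampTrans entry is only matched because the short PROGRA~1 form is expanded before comparing.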

Shut down problem in Win ME. . .

Post by goodtaste » Sat Jun 19, 2004 12:38 am

Thank you very much, Brad! I copied your instructions and will try to follow them carefully. I am not a techie but wish I knew more! I like this forum, I want to learn.
Thanks again and God bless!

"Lend a hand along the way, it'll come back on a rainy day."

