It is currently Fri Jun 22, 2018 9:43 pm


Still can't shut down right need help!

All versions of Window XP and 2003 including 32 bit and 64 bit

Moderator: icecube

Still can't shut down right need help!

Postby goodtaste » Wed Jun 23, 2004 1:36 am

Hello Brad! I've done all I am able to do. I put the computer in safe mode and searched for those files and couldn't find them. I got rid of some of them but this one doesn't want to go: C:\Program Files\WinTools\WToolsA.exe
And my computer keeps going into hibernation on shut down. If I hit the space bar really fast before it completely goes into the shut down cycle, sometimes it will turn off normally, but if they are able to get it before I do, the whole thing freezes and I cannot get it back.
Can you help me?

Here's the hijackthis log I got today before I came to the forum:

Logfile of HijackThis v1.97.7
Scan saved at 5:03:22 PM, on 6/22/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... .526712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab


I'm sure you can see them there. Please let me know if you have any ideas. Thank you very much! I'm not dumb, just a newbie. :oops:
http://www.ieasysite.com/Delicioso
Mediterranean/Caribbean-style cooking for vegans and vegetarians
http://www.frontiernet.net/~rexfam
Great Christian encouragement for cloudy days.
User avatar
goodtaste
Geek
Geek
 
Posts: 35
Joined: Tue Jun 15, 2004 1:00 am
Location: USA

Thanks given:0
Thanks received:0
Top

Postby Cactus » Wed Jun 23, 2004 3:04 am

Follow the instructions on your other post to remove the Huntbar files.
modules.php?name=Forums&file=viewtopic&p=11661#11661

After going to Internet Options and deleting Temp files,cookies....
Then START>PROGRAMS>ACCESORIES>SYS TOOLS>DISK CLEANUP
Then empty recyle bin....

Now run HJT again and post a fresh LogFile for Brad....

Cactus
User avatar
Cactus
Geek Alumni
 
Posts: 1330
Joined: Sat Nov 30, 2002 1:00 am
Location: Somewhere...

Thanks given:0
Thanks received:0
Top

Postby brad » Wed Jun 23, 2004 8:08 am

Please post all Comments in the same Topic.
After doing as Cactus suggests run HJT again and if do the following if these entrees still exist:

Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

internat.exe
WToolsA.exe


Turn off System Restore. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:

O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe


Go to Control Panel / Add/Remove Programs and remove the following if they are there:

WinTools

Now delete these Folders or Files that are Highlighted: (You may need enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)

C:\Program Files\Common files\WinTools

Now, empty all your TEMP Folders (WinXp has up to 4 of them) / Temporary Internet Files Folder and then empty your "Recycle Bin" and reboot.

brad
"Duty is a matter of the mind. Commitment is a matter of the heart".
brad
Geek Alumni
 
Posts: 2079
Joined: Sat Jul 19, 2003 1:00 am
Location: Charlotte, NC

Thanks given:0
Thanks received:0
Top

Still freezing when I shut down. . .

Postby goodtaste » Thu Jun 24, 2004 2:09 am

Sorry, newbie mistake! I will try, I sometimes cannot find things where they are hiding. But I have seen the internat thing and the WTools. Not sure where I'm supposed to hit alt+ctrl+del for internat because Windows doesn't even give any menus anymore, it just goes into hibernation. It used to but as I have deleted some things, I have lost a lot of control over the machine (especially for someone who's not too savvy). but I do thank you much and will continue to try.
One thing you forgot to tell me was if all the files I listed yesterday were the ones I was supposed to delete:
WToolsA
WSup
WToolsB.dll
WToolsC.cfg
WToolsD.cfg
WToolsP.cfg

Also, hijackthis is not deleting anything! I go through it and every time, WTools is right back. But I still will do it again.
Thank you!
http://www.ieasysite.com/Delicioso
Mediterranean/Caribbean-style cooking for vegans and vegetarians
http://www.frontiernet.net/~rexfam
Great Christian encouragement for cloudy days.
User avatar
goodtaste
Geek
Geek
 
Posts: 35
Joined: Tue Jun 15, 2004 1:00 am
Location: USA

Thanks given:0
Thanks received:0
Top

Thank you, cactus

Postby goodtaste » Thu Jun 24, 2004 2:22 am

I'm trying very hard to follow all the instructions but do not know half the time where the folders are. But I copied all and will follow to th e best of my ability.
http://www.ieasysite.com/Delicioso
Mediterranean/Caribbean-style cooking for vegans and vegetarians
http://www.frontiernet.net/~rexfam
Great Christian encouragement for cloudy days.
User avatar
goodtaste
Geek
Geek
 
Posts: 35
Joined: Tue Jun 15, 2004 1:00 am
Location: USA

Thanks given:0
Thanks received:0
Top

Okay Brad, I got it!

Postby goodtaste » Thu Jun 24, 2004 2:25 am

No need to answer me about the WTools list I went to the other post and read that Cactus had told me it was them alright!
http://www.ieasysite.com/Delicioso
Mediterranean/Caribbean-style cooking for vegans and vegetarians
http://www.frontiernet.net/~rexfam
Great Christian encouragement for cloudy days.
User avatar
goodtaste
Geek
Geek
 
Posts: 35
Joined: Tue Jun 15, 2004 1:00 am
Location: USA

Thanks given:0
Thanks received:0
Top

Postby teststrips » Thu Jun 24, 2004 2:44 am

Glad you got it!
User avatar
teststrips
Geek Alumni
 
Posts: 542
Joined: Fri Jan 24, 2003 1:00 am
Location: USA - Pennsylvania

Thanks given:0
Thanks received:0
Top

About WinTools and all of your instructions. . .

Postby goodtaste » Thu Jun 24, 2004 3:25 am

I did everything you guys told me, even did a disk cleanup as cactus suggested and then did a hijackthis before I came back in here and I still saw the winTools (WinToolsA, which I had deleted in Safe Mode!) but I told hijackthis to delete it and it seems to have done it. Did hit alt/ctrl/del on internat and haven't seen it before. I hope it's gone, it did give me a lot of trouble before.
Here's the log hijackthis gave me after I told it to delete WinToolsA:

Logfile of HijackThis v1.97.7
Scan saved at 7:20:24 PM, on 6/23/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... .526712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab

You guys have been just great! Thank you for your patience in bearing with my lack of know-how. Please let me know if it's all clear.
Thank you! :wink:
http://www.ieasysite.com/Delicioso
Mediterranean/Caribbean-style cooking for vegans and vegetarians
http://www.frontiernet.net/~rexfam
Great Christian encouragement for cloudy days.
User avatar
goodtaste
Geek
Geek
 
Posts: 35
Joined: Tue Jun 15, 2004 1:00 am
Location: USA

Thanks given:0
Thanks received:0
Top

Postby brad » Thu Jun 24, 2004 8:18 am

Looks great.
brad
"Duty is a matter of the mind. Commitment is a matter of the heart".
brad
Geek Alumni
 
Posts: 2079
Joined: Sat Jul 19, 2003 1:00 am
Location: Charlotte, NC

Thanks given:0
Thanks received:0
Top

About the last Hijackthis log I posted

Postby goodtaste » Fri Jun 25, 2004 12:36 am

Thank you! That is soooo wonderful! It did shut down normally but since it would that every now and then, I was still worried. Now that I got the all-clear, I can breathe easier.
Thanks Brad and also a thank you to all who helped me. :wink:
http://www.ieasysite.com/Delicioso
Mediterranean/Caribbean-style cooking for vegans and vegetarians
http://www.frontiernet.net/~rexfam
Great Christian encouragement for cloudy days.
User avatar
goodtaste
Geek
Geek
 
Posts: 35
Joined: Tue Jun 15, 2004 1:00 am
Location: USA

Thanks given:0
Thanks received:0
Top

Postby brad » Fri Jun 25, 2004 12:39 am

You're so welcome.
brad
"Duty is a matter of the mind. Commitment is a matter of the heart".
brad
Geek Alumni
 
Posts: 2079
Joined: Sat Jul 19, 2003 1:00 am
Location: Charlotte, NC

Thanks given:0
Thanks received:0
Top


Return to Windows XP and 2003

Who is online

Users browsing this forum: No registered users and 3 guests

cron