computer won't shut down...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by toshkerr, Aug 17, 2007.

  1. toshkerr

    toshkerr Private E-2

    hi, my computer doesn't seem to always want to shut down. i first noticed it happening a few days ago when i added a new user account for my wife. at first it was just her account affected but mine has done it a few times too. basically when i hit the log off or shut down button the computer does nothing.

    turcoloco over in the software section referred me over here to see if it was a malware thing. not quite sure where to start so any help would be greatly appreciated.

    system is windows XP pro. my other thread has same title as this one so more information in software area if anyone needs.

    thanks, JK
     
  2. abri

    abri MajorGeek

    Hi toshkerr,
    I looked at your software thread. There is a virus associated with the file you mentioned, but it causes the computer to shut down, rather than to not shut down. There would be no reason but a highly unusual coincidence for your installing another user name to come together with your getting a virus. If you've had Avast installed along with a good firewall and have been doing regular updates and safe surfing, then it seems the timing of this problem more likely has to do with your changes to your system than with a virus coming in right at that moment. Did you scan your registry for corrupt files and see if the file you mentioned might be among the ones that are corrupt?

    Nonetheless, if you would like to continue with a check for malware, please follow the instructions in the READ & RUN ME FIRST. They are lengthy but not difficult. We can check the logs for you.

    abri
     
  3. toshkerr

    toshkerr Private E-2

    came up with a few things. couldn't get online to run counterspy and panda in safe mode so just ran in normal boot.

    might not fix my problem but maybe worth a look anyhow. thanks. tosh.
     

    Attached Files:

  4. toshkerr

    toshkerr Private E-2

    and the rest.
     

    Attached Files:

  5. abri

    abri MajorGeek

    oops, sorry, we just crossed paths. I've got all the logs now.
    abri
     
  6. abri

    abri MajorGeek

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    1) We're finished now with Counterspy. Please look in Add/Remove Programs for the following and uninstall them:

    -Sunbelt CounterSpy
    -Java 2 Runtime Environment, SE v1.4.2_01

    Then delete the below folders which may be left behind by the uninstall:

    C:\Documents and Settings\Tosh\Application Data\Sunbelt Software
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    And now please reboot your computer.

    2) After you've rebooted, please install Java Runtime Environment vs. 6.2


    3) Now please run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now: (note: unless there's a specific reason that Sony contacted you about for having the three 015 lines in your trusted zone, please remove them by clicking on them with the rest of the below entries) – remember to shut all browsers including this one before clicking on fix!

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    O2 - BHO: (no name) - {89E718A7-F21C-8BE9-4BF7-F45A67311A92} - (no file)
    O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
    O4 - Global Startup: Remocon Driver.lnk = ?
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O4 - Global Startup: Wireless Panel.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm>>
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm>>
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O20 - Winlogon Notify: winuns32 - C:\WINDOWS\

    After clicking Fix, exit HJT.


    4) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Quote:
    5)Now download The AVENGER by Swandog469, and save it to your Desktop.

    Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:


    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt


    6) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    After you have completed ALL of the above in the correct order, please attach the following logs.
    • HijackThis Log
    • ShowNew Log
    • GetRunKey Log
    • Avenger Log



    How are things running now?
    abri
     
    Last edited by a moderator: Aug 21, 2007
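
Added example, not part of the thread or of any poster's message: a short Python sketch that parses HijackThis fix-list lines like those in step 3 above, rejoins entries wrapped across two lines, and groups them by section code. The sample is copied from that list with one entry deliberately left wrapped; the function names and the wording of the notes are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Section codes seen in the fix list, with their usual HijackThis meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O15": "Trusted Zone site", "O20": "Winlogon Notify / AppInit_DLLs",
}
# Line endings worth a note when reviewing (note wording is illustrative).
FLAGS = {"(no file)": "orphaned: referenced file is missing",
         "= ?": "shortcut target shown as unknown",
         "= about:blank": "page value is about:blank"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Sample taken from the post's fix list; the O8 entry is left wrapped
# across two lines on purpose, as pasted logs often are.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
O2 - BHO: (no name) - {89E718A7-F21C-8BE9-4BF7-F45A67311A92} - (no file)
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O4 - Global Startup: Wireless Panel.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy
Package\dapcleanerie.htm
O15 - Trusted Zone: *.vaio-link.com
"""

def parse_hjt(text):
    """Return (code, detail) tuples, rejoining wrapped continuation lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries and line:          # no section code: continuation line
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def triage(entries):
    """Group entries by section name and attach review notes to each."""
    report = defaultdict(list)
    for code, detail in entries:
        notes = [why for suffix, why in FLAGS.items() if detail.endswith(suffix)]
        report[SECTIONS.get(code, "unknown section")].append((code, detail, notes))
    return dict(report)

if __name__ == "__main__":
    for section, items in triage(parse_hjt(SAMPLE)).items():
        print(section, items)
```
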
  7. toshkerr

    toshkerr Private E-2

    hi abri,
    been following the instructions you gave me. during the hijack this fix in step three there was an unexpected error, it still did its business but i have enclosed the message it gave.

    the input script you gave for avenger did not work, it said it wasn't valid. also enclosed is that log. so i have not proceeded beyond that step.

    thanks, tosh.
     

    Attached Files:

  8. abri

    abri MajorGeek

    sorry! Try this for Avenger and see if that works.

    Now Run The AVENGER by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:
    Quote:
    Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    abri
     
  9. toshkerr

    toshkerr Private E-2

    why won't this thing let me add an attachment?!

    avenger worked this time although still seems to have an error of sorts...shown in log.

    i will post you the logs when it allows me to attach.

    thanks.
    tosh
     
  10. abri

    abri MajorGeek

    Hi Toshkerr :)
    See if it will work after reboot or with another browser if you have one. I need to ask about your strange error with HJT anyway. If you find you still can't attach, let me know! We're all in different time zones so things happen as we cross paths.
    abri
     
  11. toshkerr

    toshkerr Private E-2

    hi, got it working with IE. not sure why i could reply properly with firefox...anyway :)

    here are some more logs....cheers...

    tosh
     

    Attached Files:

  12. toshkerr

    toshkerr Private E-2

    avenger log
     
  13. toshkerr

    toshkerr Private E-2

    again. oops.
     

    Attached Files:

  14. abri

    abri MajorGeek

    Toshkerr,

    your logs are clean. The .sqm files in your root directory are a problem with messenger which might be solved by updating to a newer version. See here for more information on that:

    http://www.microsoft.com/communitie...&tid=5cb19f75-ad79-4c5c-944e-d7dbbe2fa80f&p=1

    There is a fix in there which will have them deleted from your computer at startup, but I would take this particular information back to the Software forum and see what they think about it. I don't think this has anything to do with the problem you first came here with that your computer won't shut down ever since the new user account was made.

    If you put "computer won't shut down" into google, you'll see this is a problem many people have and for different reasons. One person can shut down from the administrator account but not from any other user accounts. In another case, it's a driver problem. In your case, it seems to be timed with something that happened when you made the new user account. Please ask further in the software forum.

    Thanks!
    abri
     
  15. toshkerr

    toshkerr Private E-2

    hi,
    thanks for everything. i'll give it a few days and see how everything is running before i check back with the software guys.
    you've already made some improvements, like my safely remove hardware icon is back for good (used to disappear!) also my cubase syn emu is back after a long exit. thanks again!

    tosh
     
  16. abri

    abri MajorGeek

    Welcome!

    Please post a last message if you get the shutdown problem solved. I'd be interested to hear what it was!

    abri
     
  17. toshkerr

    toshkerr Private E-2

    hi abri,
    never found the problem in the end but the software guys reckon it is a dodgy process..which one i don't know! but i've figured out a way i can restart shutdown anyway.

    cheers,
    tosh
     
  18. abri

    abri MajorGeek

    okay, well, I'm glad there were some improvements, sorry we couldn't solve the shutdown problem, but I sure wish you luck with that!
    :)
    abri
     
