TechSpot

Computer wouldn't shutdown/startup

By drneves7
Oct 15, 2008
  1. Well here is what happened.

    First I noticed that AVG update wasn't updating it just kept hanging up.

    Second about that same time it would not shut down. I would have to use the power button to shut it off. Then it got to where it wouldn't start back up. I finally got it up with system restore then of course if I had to restart it. Same deal all over again. Which made it tough to get things updated and scanned. Fortunetly somewhere along the way that got fixed. When I shut down this last time for SUPERantispyware it took a long time and also on the start up. And that is my story. Logs Attached

    Thanks Dominic
     
  2. drneves7

    drneves7 TS Rookie Topic Starter Posts: 82

    Just a little up date. Start ups are definitely still very slow and shut downs still seem on the slower side.
     
  3. rf6647

    rf6647 TS Maniac Posts: 829

    I interpret your post that you feel that the infections are gone.
    The remnant appears to be slowness on startup / shutdown.

    This contributes to "slowness"
    O4 - HKCU\..\Run: [MobMapUpdater] "C:\Program Files\MobMapUpdater\MobMapUpdater.exe" –silent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    These O4 startup applications (and others appearing in the HJT list) can be turned off with settings in the application. If HJT is used to turn them off, a few will re-enable themselves (Real, Quicktime, Adobe).


    HJT log listed this as a running process. Appears to be legit. This background process may also factor into slowness if updates or changes are in-progress.
    C:\Users\drneves7\Downloads\CFP_Setup_3.0.25.378_XP_Vista_x32.exe

    Many feel that AskJeeves has lost their "soul" to advertising:
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    Please comment about your firewall / internet security / antivirus protection. I did not observe that any were enabled? Yet these services were listed. Remember the "only one" rule - Internet Security is comprised of 1 of each of these: firewall, antivirus, and any other realtime components.
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
     
  4. drneves7

    drneves7 TS Rookie Topic Starter Posts: 82

    Another update. Well my pc just crashed again (I think it may have overheated). Wouldn't start back up. Well I take that back it would but then it would crash again. It did this a few times before it just finally wouldn't boot and It had to do the start up repair and then had to restore to a previous point to start. All of this was after getting my cooler running again and letting pc cool off.

    I am running AVG, Comodo and SUPERantispyware. And Superanditspyware I have only been running since the clean up same with firewall even though I knew better.

    I will see what I can do about those HJT logs. I may need a little help though.

    Thanks Dominic

    Ok I removed these three
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    I also removed this one since it is from an old program.
    O4 - HKCU\..\Run: [MobMapUpdater] "C:\Program Files\MobMapUpdater\MobMapUpdater.exe" –silent

    This one I am not sure what program it goes to I don't have real player on here.
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    This one I am going to look further into couldn't find my adobe reader
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"



    I also keep getting a pop up from Comodo that a application that is another PC is trying to connect here is what I wrote down

    Application: System
    Remote: 192.168.1.100 UDP
    Port: nbname (137)



    And I forgot to thank you for responding to my post I was rather frustrated when I logged in. So thanks a bunch I love you guys here you have saved my **** before. Just signed up for school so hopefully I will be able to join you guys in the crusade soon :)

    Thanks Dominic

    Oh I also attached a current HJT file this is with everything that is normally running.
     
  5. rf6647

    rf6647 TS Maniac Posts: 829

    As a first priority, by all means work on the "crash" problem.
    Use a new post to focus on this - when you feel it is needed.

    Since Comodo blocks this for what appears on your network, log files and events logs may have more info. The router log / status pages may identify what is assigned to 192.168.1.100 .

    My biased view is that another XP computer on your home network has been commanded by its 'god' to sniff out 'the hood'. I used the firewall to shut it down.

    Clean up -
    Use control panel > add/remove programs
    to uninstall programs you no longer use.

    Sometimes you need to use Windows Explorer to delete files/folders.

    Instructions from momok
     
  6. drneves7

    drneves7 TS Rookie Topic Starter Posts: 82

    Thanks again on your reply rf6647. I need to correct my statement on the Comodo deal. It doesn't block it. Its pop up deal pops up and says that it is safe. I am running vista and yes I am on a network with one other machine which is xp. As far as programs this is a fairly new pc and one that I have bought since my noob days so it only has the programs that came installed on it and programs that I installed because I use regularly. And they are all safe as far as I know and they are all big names such as Yahoo Messanger etc. No programs like file shareing programs or anything. And I will post a thread on the crashing problem.

    Thanks Again Dominic




    Well all seems good right now. Here is all I did. i ran the memtest and chkdsk. Found nothing. I then went to HP's website and microsofts to look for a way to check my windows. Came up with nothing. When on HP's site i decided to check for new versions of drivers. Found that I could update my bios so I did. Then I think WoW got messed up on one of the first crash's so ran the repair program for that also. So far so good. No problems. Gamed for like 4 hours tonight. Woot and thanks for all the help guys.

    Thanks a bunch,
    Dominic

    p.s. if you have more suggestions on how to further investigate or prevent this feel free to post.




    Unfortunetly this looks like it is going to be a full restore....... I will update with results.

    Thanks for all the help

    Dominic
     
  7. drneves7

    drneves7 TS Rookie Topic Starter Posts: 82

    Still crashing......

    Okay after a full restore, reformat or what ever you want to call it my pc is still crashing. This time the BSOD stayed up long enough for me to grab some info.

    Gave me these codes or what ever in this format

    ***STOP: 0X0000008E (0XC0000005, 0X81E7014D, 0XABC6CBA4, 0X00000000)

    It also said I should shut off or uninstall my antivirus and turn off some other things and make sure my video drivers (I think that is what it said) was up to date.

    Any help would be appreciated so much I am pulling my hair out. I am waiting to chat with a HP rep so we will see what they have to say.

    Thanks a bunch
    Dominic
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...