TechSpot

XP Won't Reboot or Shutdown

By rgallier
May 23, 2007
  1. While switching from Freedom Security Suite to McAfee Security Suite, the uninstall of Freedom was unsuccessful; I immediately started having problems with the computer hanging, it could take 15 min. for task manager to appear. I determined the incomplete uninstall of Freedom was possably the problem, in order to complete the uninstall I had to reinstall/uninstall. After a "successful" uninstall, xp won't complete a restart or shutdown. The computer gets to the point where xp completes the "save settings" and reports "sutting down" and never leaves this screen the drive access light is continously lit. A hard power-off used to result in a chkdsk of P:, I moved all files off this drive and reformatted/partitioned the drive. This resolved the chkdsk of P: upon resuming after a hard power-off.

    The system paging file resides on this drive in the first/extended partition E: , seperate from O.S. C:\ drive. The computer still exhibits the same behavior when the paging file is set to system managed on C:.

    The IE home page will not remain on google, keep returning to IE 6 update. I am unsure of when this started. The only way I have found to stop this is to set SB-S&D to lock the home page and tell McAfee & Defender to allow. I wasn't running all of these different Spyware programs before this problem occured and would like to uninstall all but McAfee after resolving this problem.

    I have followed all steps, except the intermediate posts of log files, outlined on "Viruses/Spyware/Malware, preliminary removal instructions" posted here http://www.techspot.com/vb/topic58138.html. The only thing the Spyware packages encounter are tracking cookies & history files.

    Attached is my Hijack
     

    Attached Files:

  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hi rgallier. Welcome to TechSpot! :wave:

    Please go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

    Did you edit your HijackThis log at all? Some of the entries don't have some data that should be there. If you edited the other logs, please don't edit these.

    Regards :)

    This thread is for the use of rgallier only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  3. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Have HijackThis fix the following entries:

    O2 - BHO: (no name) - {1201333E-BAD9-481C-BCF5-6904498CF85B} - (no file)
    O2 - BHO: (no name) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Fix all O16 entries except for Microsoft Data Collection Control.

    Post fresh HijackThis, ComboFix and AVG Antispyware logs from normal mode as attachments to this thread.


    Regards,
    Your friendly Momok =)

    This thread is for the use of rgallier only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. rgallier

    rgallier TS Rookie Topic Starter

    Results Steps 1 - 8

    1. I disabled all real time monitoring except McAfee, which the firewall is set to always alert. I didnot feel comfortable disabling my only protection for spyware & viruses.

    2. I ran a full scan with McAfee Antivirus which found nothing.

    3. Used activex version of Housecall, print page > txt for log see attached.

    4. Downloaded HijackThis 2.0.

    5. Renamed to Analyze then ran, attached log.

    6. Ran AVG Anit-Spyware, attached log.

    7. Ran SS&D which found nothing.

    8. Ran Ad-Aware, attached log.

    Results Step 9

    1. Ran Ccleaner twice, attached logs.

    Results Steps 10 & 11

    10-1. Ran SmitfraudFix, attached logs 10-1, 10-1a & 10-1b

    10-2. Ran VirtumundoBeGone, attached log 10-2

    10-3. Ran VundoFix reported nothing.

    10-4. Ran Look2Me-Destroyer reported nothing.

    Results steps 11 & 12

    11. Ran AVG Antirootkit found nothing.

    12-1. Ran ComboFix, attached log.

    12-2. Ran HijackThis (Analyze), attached log.
     
  5. momok

    momok TS Rookie Posts: 2,265

    Hi,

    You have not provided the results for the AVG Antirootkit scan. Please do so in your next post.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    FreePOPs

    Go to start > Control Panel > Add and Remove Programs.
    Remove anything related to the following:

    FreePOPs

    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe (file missing)

    Close HJT.


    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\Program Files\FreePOPs\
    C:\WINDOWS\CheckModels.exe
    C:\WINDOWS\system32\0FEB55D8B7.sys

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


    Regards,
    Your friendly Momok =)

    This thread is for the use of rgallier only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. rgallier

    rgallier TS Rookie Topic Starter

    Results Step 14-1

    14-1. Run SS&D attached logs

    Results Step 14-1 (continued)

    14-1. Run SS&D attached logs

    AVG Anti-Rootkit reported it found nothing. How do I create the log?

    Used HJT and removed:
    O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe (file missing)

    Deleted the following files and folders:
    C:\Program Files\FreePOPs\
    C:\WINDOWS\CheckModels.exe
    C:\WINDOWS\system32\0FEB55D8B7.sys

    Currently running AVG Anti-Spyware (takes 1 hr 40 min).

    Attached are the HJT & ComboFix logs.
     
  7. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Your logs look clean already. I doubt AVG will find much. I do suggest you check out this thread here on how to speed up your system as you seem to have alot of unnecessary services running on your system.

    Do post the AVG log, and after that I should be able to give you the final cleaning steps.


    Regards,
    Your friendly Momok =)

    This thread is for the use of rgallier only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. rgallier

    rgallier TS Rookie Topic Starter

    Here is the AVG report
     
  9. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Your logs look clean now; the AVG log only shows a few cookies from techspot.

    Please download and run CCleaner via step 9 of the instructions HERE.

    Delete all files in AVG Antispyware Quarantine folder.

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly Momok =)

    This thread is for the use of rgallier only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. rgallier

    rgallier TS Rookie Topic Starter

    This process has fixed my homepage problem (probably caused by running so many active scanners).

    My original problem still persists; the computer will not powering off during a shutdown or not complet a restart, it stops at the two tone blue "Shutdown Screen" with XP Windos logo and "Windows is shutting down..." printed left-center of the display.
     
  11. CCT

    CCT TS Evangelist Posts: 2,653   +6

  12. rgallier

    rgallier TS Rookie Topic Starter

    I had already tried that site prior to posting here, it appears to be very old and mostly related to 98 & ME. I believe my problem has to do with the failed uninstall of Freedom Security Suite. I have found various remnants of it, left in user profiles, "C:\Program Files\Common Files\Command Software\" & even some of the running process, while tracing this problem.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...