Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

MY pc wont shut down

Status
Not open for further replies.
LeeroyJenkins

LeeroyJenkins

Technical User
Jul 3, 2005
15
US
i cant shut down my pc if i press alt+F4 it hands with a busy icon is i try shuttingdown with ctrl+alt+del it hangs. the only way i was able to shut down was to end 2 svchost.exe process PID 1056 and PID 1076 shown below one of them is roughly 2-3kb the other one goes up to 23kb i dont know why these 2 specific processes are hanging my pc i tried spyware scan virus scan neither solved the problem tried running the scans in safe mode didnt work. i only have this problem running windows in normal mode in safe mode i dont have this problem

Process PID

AHQTBU.EXE 1232
cmd.exe 1224
csrss.exe 644
Explorer.EXE 620
gcasDtServ.exe 1612
gcasServ.exe 1260
iexplore.exe 1180
iexplore.exe 1568
lsass.exe 724
NOTEPAD.EXE 1000
PrcView.exe 1756
services.exe 712
smss.exe 588
spoolsv.exe 1336
svchost.exe 904
svchost.exe 956
svchost.exe 1056
svchost.exe 1076
svchost.exe 1992
taskmgr.exe 1728
wbload.exe 1244
wdfmgr.exe 188
winlogon.exe 668
 
Sort by date Sort by votes
I get a couple of different results when I search prcview.exe. Some sites say it is added by a worm, while others say it is a program. Have you intentionally installed a program called PRC VIEW?
 
Upvote 0 Downvote
Safe mode as you know DOES NOT LOAD DRIVERS...also there is known IEEXPLORER.trojan, and more than one program adds SVCHOST. this can be a trojan/vurii also..recommend that you run more than one adware.trojan.spyware removal program. there are several that are FREE and work very well. I run ad-ware (free), spybot search&destroy(free), spy remover, A square(free), Toolbar cop(free), Counter Spy, Spy Sweeper, Spyware Doctor and XoftSpy. each one will find something that the others misses.
a-squared (a²) HiJackFree - Process info for prcview.exe
Process Details: prcview.exe. a² HiJackFree Process Info:. Filename:, prcview.exe.
Default path:, \. Clsid:. Operating systems:, Win 98/ME, Win NT4, ...
- 21k - Jul 1, 2005 - Cached - Similar pages
Click to expand...
Tech Support Forum Archive - SVCHOST error:\\HELP FROM ANYONE
*PrcView=C:\Program Files\Norton SystemWorks\Process Viewer\PrcView.exe »RunOnce »Default
User »Run *Msbb.exe=Msbb.exe *Systesms.exe=Systesms.exe »RunOnce ...
- 19k - Cached - Similar pages
Click to expand...


Frank Smith irc.dhcnetwork.com
gunslinger.gif

SomeWhere in Kansas Near Dodge City
 
Upvote 0 Downvote
ALT+F4 = Close the active item, or quit the active program.
ctrl+alt+del = launch Task Manager.

Neither of the above are Shutdown commands in XP.

What happens if you use Shutdown from the Start Menu?

Why does Task Manager, MSCONFIG, or REGEDIT disappear while opening?

Removing adware & spyware
faq608-4650

Microsoft (GIANT Antispyware) Beta available
Thread779-979113

General Shutdown troubleshooter.

 
Upvote 0 Downvote
bkrike - no i havent installed anything that your talking about

s0121 - yes i know safe mode doesnt load drivers the reason i said i dont have this issue was because safe mode does load the kernel i wanted to isolate the possibility of the problem being something wrong with the actual kernel. I usually run adaware and the microsoft anti-spyware neither found any spyware on my pc i ran deep scans not the regular intelligent scans. I ran mcafee virus scan and it didnt pick up any virus


linney - with no windows alt+f4 bring up a window to sutdown the pc and in taskmanager one of the menus gives an option to shutdown and yes i have tried using the one on the start menu as well the same thing happens
 
Upvote 0 Downvote
Thanks for the reply info. Have been scanning all my XP Notes, found reference to EZCD and Direct CD, conflicting with other programs. when shut is attempted the computer simply reboots...possible to use:
1. Run Regedt32.exe.
2. Locate the 'UpperFilters' value under the following key in the registry,
and delete it:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11
CE-BFC1-08002BE10318}]
3. Locate the 'LowerFilters' value under the same key, and delete it:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11
CE-BFC1-08002BE10318}]

4. Close the registry editor and restart the computer.
5. For more information please refer the KB article:
CD-ROM Access Is Missing and Messages Cite Error Code 31, Code 32, Code 19,
or Code 39 After You Remove Easy CD Creator in Windows XP:

If this corrects the problem then it is in the CD-DVD burning programs...
(more notes) ZoneAlarm, BlackIce (firewalls) and Dr Divx (installed a EncodeDivXExt.dll) also caused a simular problem.



Frank Smith irc.dhcnetwork.com
gunslinger.gif

SomeWhere in Kansas Near Dodge City
 
Upvote 0 Downvote
Upvote 0 Downvote
ahqtb is Spyware
Remove with XoftSpy Remover (aff)
Free Scan. Clean your Computer Now!
Click to expand...
then I'd get HIJACKTHIS (free) and run it..then I'd try if you have not already:
Spybot Search & Destroy (Free)
AdAware v1.06 (Free)
A square (Free)
AVG AV (Free) yes, even tho ur running MS Antispyware. I dropped it and went to "Xoftspy" when MS bought Giant..
Then I'd remove " WindowsBlinds Stardock " yes remove..not just turn off- REMOVE... then try rebooting...let us know.


Frank Smith irc.dhcnetwork.com
gunslinger.gif

SomeWhere in Kansas Near Dodge City
 
Upvote 0 Downvote
310353 - How to Perform a Clean Boot in Windows XP

316434 - HOW TO: Perform Advanced Clean-Boot Troubleshooting in Windows XP

310560 - How to Troubleshoot By Using the Msconfig Utility in Windows XP


See if you can isolate what loads in Normal Mode but doesn't load in Safe Mode.

Are there any clues in your Event Viewer?

A second opinion to McAfee via the linked online virus scans is always a worthwhile exercise.

Removing adware & spyware
FAQ608-4650
 
Upvote 0 Downvote
ok i removed procview tried those other spyware scanners still having same problem i dont have an burning software currently installed either
 
Upvote 0 Downvote
You may need something a bit stronger than Adware or Spyware scanners, that is why I suggested using one of the Online Virus Scanners linked to the following FAQ.

Removing adware & spyware
FAQ608-4650

At least try the Trend Micro scanner, too often we have seen examples of problems caused by only using one brand of virus scanner to remove malware. A virus scanner is only as good as its loaded definitions.

 
Upvote 0 Downvote
A great site for shutdown problems is the Windows XP Shutdown troubleshooter found over at Aumha
Shutdown help for Windows XP

But as the other guys have said its very possible to be some kind of spyware thats causing your problem.

P.S do you play WOW?

Take care and good luck!

---
Make the best use of what is in your power, and take the rest as it happens.
 
Upvote 0 Downvote
i tried mcafees online scanner it didnt pick up anything ill check out that link and try trend micro scanner

and yes i play wow
 
Upvote 0 Downvote
Thumbs up lets do this, LEEEEEEEROOOY JENKINS!

some funny stuff there :)
 
Upvote 0 Downvote
Try running ChkDsk to check your drive for errors. Right click your Drive icon/ Properties/ Tools/ Error Checking.

Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.

HOW TO: Verify Unsigned Device Drivers in Windows XP

If they don't work you could try repairing windows by running it over itself. You will lose all your windows updates but your files will be untouched.

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)
 
Upvote 0 Downvote
linney i already ran both of those didnt come up with any problems
 
Upvote 0 Downvote
Well, if Trend Micro doesn't help you, let everyone have a look at your "Hijack This" log as it stands now.
 
Upvote 0 Downvote
Have you looked at the aumha link about shutdown problems? If you have run all of these scanners and they havent found any malicious software it might not be due to spyware. Test the things from the Aumha page.

P.S are you THE LeeroyJenkins?

---
Make the best use of what is in your power, and take the rest as it happens.
 
Upvote 0 Downvote
linney, by me reading what was above i am not sure that
LeeroyJenkins was saying he ran the trend micro online scan. I could be wrong, and if so i apologize, and the only reason i am jumping in here is i have read the list of items in the task mgr and i also believe there is a trojan there, somewhere. I believe in the end a trojan will be found. If not, something similar.

LeeroyJenkins, have you completed the online scan at trend micro? And run some or most of the programs listed above, especially m\soft antispyware and come up with nothing?

If so, then i would try hijack this and post the results.
I am certain you have a trojan or some other malware.
I'm not an expert at this but when you dont know why that AHQ and the extra iexplorer and the Prcview are there, something seems to be wrong with all or some of these.

One last thing, is windows xp giving you any other problems, even small issues that are a bit weird?





Good advice + great people = tek-tips
 
Upvote 0 Downvote
i ran trend micro complete scan came up with nothing also microfts scanner same ran hijackthis here are the results of that scan

Logfile of HijackThis v1.99.1
Scan saved at 10:34:45 AM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\EXPLOREr.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Isak Aronov\Local Settings\Temporary Internet Files\Content.IE5\8J6XAT6B\HijackThis1991[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 bns1.net
O1 - Hosts: 62.75.224.159 bns2.net
O1 - Hosts: 62.75.224.159 bns3.net
O1 - Hosts: 62.75.224.159 bns4.net
O1 - Hosts: 62.75.224.159 bns5.net
O1 - Hosts: 62.75.224.159 bns6.net
O1 - Hosts: 62.75.224.159 bns7.net
O1 - Hosts: 62.75.224.159 bns8.net
O1 - Hosts: 62.75.224.159 cms1.net
O1 - Hosts: 62.75.224.159 cms2.net
O1 - Hosts: 62.75.224.159 cms3.net
O1 - Hosts: 62.75.224.159 cms4.net
O1 - Hosts: 62.75.224.159 cms5.net
O1 - Hosts: 62.75.224.159 cms6.net
O1 - Hosts: 62.75.224.159 cms7.net
O1 - Hosts: 62.75.224.159 cms8.net
O1 - Hosts: 62.75.224.159 rg1.com
O1 - Hosts: 62.75.224.159 rg2.com
O1 - Hosts: 62.75.224.159 rg3.com
O1 - Hosts: 62.75.224.159 rg4.com
O1 - Hosts: 62.75.224.159 rg5.com
O1 - Hosts: 62.75.224.159 rg6.com
O1 - Hosts: 62.75.224.159 rg7.com
O1 - Hosts: 62.75.224.159 rg8.com
O1 - Hosts: 62.75.224.159 cjt1.net
O1 - Hosts: 62.75.224.159 rgs1.net
O1 - Hosts: 62.75.224.159 rgs2.net
O1 - Hosts: 62.75.224.159 j800banners.cjt1.net
O1 - Hosts: 62.75.224.159 jadlogix.cjt1.net
O1 - Hosts: 62.75.224.159 jadtegrity.cjt1.net
O1 - Hosts: 62.75.224.159 jaimmedia.cjt1.net
O1 - Hosts: 62.75.224.159 javatar.cjt1.net
O1 - Hosts: 62.75.224.159 jbeet.cjt1.net
O1 - Hosts: 62.75.224.159 jbigpops.cjt1.net
O1 - Hosts: 62.75.224.159 jbouncetek.cjt1.net
O1 - Hosts: 62.75.224.159 jbravenet.cjt1.net
O1 - Hosts: 62.75.224.159 jcdcover.cjt1.net
O1 - Hosts: 62.75.224.159 jclickspring.cjt1.net
O1 - Hosts: 62.75.224.159 jcollegehumor.cjt1.net
O1 - Hosts: 62.75.224.159 jdownloadacc.cjt1.net
O1 - Hosts: 62.75.224.159 jedonkey.cjt1.net
O1 - Hosts: 62.75.224.159 jeuniverse.cjt1.net
O1 - Hosts: 62.75.224.159 jhot.cjt1.net
O1 - Hosts: 62.75.224.159 jicmedia.cjt1.net
O1 - Hosts: 62.75.224.159 jicq.cjt1.net
O1 - Hosts: 62.75.224.159 jieplugin.cjt1.net
O1 - Hosts: 62.75.224.159 jinternetoptimizer.cjt1.net
O1 - Hosts: 62.75.224.159 jmediabuy1.cjt1.net
O1 - Hosts: 62.75.224.159 jmediabuyad.cjt1.net
O1 - Hosts: 62.75.224.159 jmindset.cjt1.net
O1 - Hosts: 62.75.224.159 jmindsettest.cjt1.net
O1 - Hosts: 62.75.224.159 jnictech.cjt1.net
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jpiolet.cjt1.net
O1 - Hosts: 62.75.224.159 jsanboxer.cjt1.net
O1 - Hosts: 62.75.224.159 jsercee.cjt1.net
O1 - Hosts: 62.75.224.159 jthedelfin.cjt1.net
O1 - Hosts: 62.75.224.159 jwarezp2p.cjt1.net
O1 - Hosts: 62.75.224.159 jwildmedia.cjt1.net
O1 - Hosts: 62.75.224.159 mediabuy-nic.cjt1.net
O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcms.cydoor.com
O1 - Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 62.75.224.159 O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.net
O1 - Hosts: 62.75.224.159 jbns2.cydoor.com
O1 - Hosts: 62.75.224.159 ct.cydoor.com
O1 - Hosts: 62.75.224.159 redirect.cydoor.com
O1 - Hosts: 62.75.224.159 client.exeem.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AudioHQU] C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\appz\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Microsoft WFC Forms Designer - file://F:\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://F:\VJ98\vstudio6.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TrekBiker
  • Locked
  • Question
Version 23H2 preventing full shut down
Replies
5
Views
1K
pjw001
pjw001
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
1
Views
902
pjw001
pjw001
hamburg18w
  • Locked
  • Question
Task Host is Stopping the Shutdown
Replies
1
Views
1K
Ign3us
Ign3us
Sebastian42
  • Locked
  • Question
How to make PC-Linq work between Win10 PCs ?
Replies
12
Views
884
Rick998
Rick998
keithinoz
  • Locked
  • Question
Pair issue pc to phone
Replies
4
Views
328
keithinoz
keithinoz

Part and Inventory Search

Sponsor

Back
Top