Spyware, Viruses, & Security forum

General discussion

Registry and system shutting down automatically.

I posted this accidentally on the newbie post, here it is in the proper location.

I have an issue when I run a variety of AntiVirus software. It shuts the system down about 20 minutes into the search. The only way to start up is a hard power down, as in unplug and wait 15 seconds. There is then no record of an error in the error log in Windows. So I think the system thinks the computer just shut down normally or had a power failure. I usually will have to run the disk check when starting up. I have run a variety of spyware killers and none have found anything. So I thought I should check out the registry and downloaded and ran WinAso2.5 to search the registry. This is what it found.

620,803 items
2994 errors
210 high risk errors
347 errors to ignore

As a note 1600 or so of the errors were related to trying to find shortcuts to AutoCad files that have been zipped or moved.

My questions are this:

What the heck is causing both McAfee and NAV to shut down during a system scan?

How can I find it and delete it?

Should I clean the registry or is this amount not out of the ordinary?

FYI: I replaced the power supply last year when it died. I also have an occasional shutdown (power failure) that is very frustrating since it leaves no trace of an error.

OS: Win2000Pro
P4-1.6
1GB ram

Thanks, Brian

Discussion is locked
You are posting a reply to: Registry and system shutting down automatically.
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Registry and system shutting down automatically.
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
This is what Hijack this file looks like. Nothing wierd?

In reply to: Registry and system shutting down automatically.

Logfile of HijackThis v1.99.1
Scan saved at 8:12:38 PM, on 1/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\HPOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\HPOFXM07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\HPOSTS07.exe
C:\WINDOWS\explorer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\AutoCAD 2002\acad.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\install\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *r4.attbi.com
F2 - REG:system.ini: Shell=
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -

c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\RunServices: [Win2k autoloader] ocxdll
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp

psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 2.lnk = C:\Program Files\Hewlett-Packard\AiO\hp

psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common

Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program

Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -

http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} -

http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -

http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -

http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. -

C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program

Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc -

C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program

Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\MSTask1.exe (file

missing)

Collapse -
This Site Does NOT Do HJT Logs. To Save Time......

In reply to: This is what Hijack this file looks like. Nothing wierd?

you can try a Copy&Paste of your log to the link below for an online Auto Scan. It's quick & easy BUT>>>
it is known for some false positives, it's data base is not totally comprehensive so many items may come back as
"Unknown" (although they may be known to you as safe & wanted). Has a tendency to warn about any Active-X as a security threat (surely can be) even Spybots own BHO bad download blocker( it ends w:-42484F). If All good you've saved time for yourself and the volunteer experts at sites that DO do HJT Logs. Auto Scan Here:
http://www.hijackthis.de/index.php
There are numerous sites that do them but all are very busy and may take some days to complete. Most ask you to install & run various AV/anti-spyware scans and use them to clean first to reduce entries work load. Basically I consider most of them good to have & use regularly anyway!
If needed just type Hijack This & Sites into the search at the top of forum pages. (yours looks good to me but I know NOTHING of such things). Enjoy!! Grin

Collapse -
Additional Thoughts: Only 1 AV Should be ''Resident'' on 1.

In reply to: Registry and system shutting down automatically.

computer. Having 2 running in background could cause conflicts. Normally OK if 2nd one is completely in-active(disabled: nothing running at all) and is only used as on demand scanner AFTER other AV completely disabled (Norton is tricky to completely shut down (''disable: Auto Protect''!}. Norton is particularly known for NOT playing nice with others (competitors!).
Some worms are known for frequent & random reboots.Thus an online scan using Java at Housecalls may help if NAV will allow. Here:
http://uk.trendmicro-europe.com/enterprise/products/housecall_launch.php
Under same warning, you could download current Stinger.exe & run. Limited targets but most of major current worms/viruses and all their variants are included. You don't install like an AV.Put in folder & just double click on exe & let scan. Let remove any found and save log file for future reference.Here:
http://vil.nai.com/vil/stinger/
Have a look at your MSConfig> Start-up Tab. Is there a ''Kernel Fault Check Dumprep x-x'' (letters) Listed?
Possibly Hardware (overheat or inadequate wattage on PWS). Figure 100 watts PER optical drive incl HDs, CD/DVD Roms, RWs, image scanners, USB devices, printers, cameras (up to 400-500 watts assuming not all are used at same time).
Sorry, can't make any sensible comment on reg errors (don't & don't want to know!).Hope something clicks!:D

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.