help with hijack this log

[jholland1964]

Ok, you have asked for other suggestions so here is a list of much of what I have found. This is the only thing I know to do is offer you these suggestions:

Check this:
Look at Start, Settings, Control Panel, Power Options.
If there is an APM (Advanced Power Management) tab, check the "Enable
Advanced Power Management support" box and try again.
******************************************
If that doesn't help then you can also go through these steps:
http://support.microsoft.com/kb/810903
********************************************
Also found this:
This problem may occur if all the following conditions are true:

• You have East Asian Language support installed on your Windows XP-based computer and the Input Method Editor (IME) selected as your default input language.
• You have the Welcome screen turned on.

***********************************************
And something else:
Right click on "My Computer" and select "properties"

Select "Advanced". Under the "Start up and Recovery" section select "Settings"

Next to the box that says "Time to display list of operating systems:" SELECT 1. Next to the box that says "Time to display recovery options when needed:" SELECT 1. The click "OK" 2 times to exit the settings option.
Shut down.
************************************************** ****try
Open the Task Manager

End Task on different running programs just
before shutting down. This might tell you which program is having problems
shutting itself down.
*****************************************
http://www.aumha.org/win5/a/shtdwnxp.htm

That's about 4 pages worth of google searching, these were the most common answers given on all links, short of regedits which I have not included. Otherwise I honestly have no other suggestions. Here is the google link I used, you can go through those yourself and see if you see something on each site that I didn't see.

http://www.google.com/search?q=xp+ha...w&start=0&sa=N

[LJborn]

How do I turn off the Welcome Screen? I never knew that was an option.

There is an Advance Tab under Power Options, but no option to 'enable advanced power management support'... And yes, I am in classic view. No Advanced Power Management tab.

I then clicked on that microsoft link, which also wanted me to look for an APM tab. Don't know why it isn't there.

How do I get into task manager?

I forgot to ask you yesterday: When I turn the computer on, I get this warning message that pops up from the right lower corner about Avira antivirus. It says I am logged in with administrator rights and I should only be logged in with less restrictive user rights. I tried uninstalling and reinstalling and didn't see an option to change that. Avira also a couple of times has told me that it is blocking autorun, but it never tells me what program it is keeping from running....


I appreciate all the new suggestions, and will work my way down your list later today and report back.

Thank you for your patience and all the time you have taken to try to help me solve this problem.

[LJborn]

Checked task manager right before shutdown. NOthing running, but still hangs at shutdown.

Kaspersky online scanner is running right now, is 82% finished and finding nothing so far.

[jholland1964]

There HAS to be processes running, not necessarily program. Go back in there and see what processes are running.

[LJborn]

Not sure how to do that. I went to run and typed taskmgr and got a blank task manager screen with nothing running.

I just need to know what to do to answer your question.

[cauzomb]

If disk write cache is enabled, using the power button to turn off your computer could cause opperating system files to become corrupted.

The reason is that the disk write-cache memory chip may contain files that are changed; (system files, or user data) that is to be written to the hard disk. If the power is shut off to the system before the write cache data is moved to the hard disk, the cached memory disapears.

Judy is on vacation.. let me take a look at your logs and see if there is anything I can suggest to fix your shutdown issue.

[cauzomb]

I have some suggestions that might help speed up windows booting and shutdown, and may fix the shutdown hang..

The suggestions about the windows services and settings are mainly to help secure and speed up your PC, but I think they are worth the time/effort.. These steps require that you are logged in as administrator, and may take a while to complete, but you should have a faster more secure computer after it's done..


Please read through the whole post before starting, you may want to print the post for future reference. If you are going to perform these steps, do not restart your computer till everything is completed. If you are prompted to "restart" click the close box on the prompt, or the "do not restart" box.

There are some "fix your computer" or "cleaner" applications that change the way windows deals with the "page file" that might cause your computer to seem to hang at the shutdown screen, due to the page file being cleared out durring the shutdown process..

I suggest looking through your cleaner/security/privacy applications "options" or "configuration" for anything that says "clear the page file at shutdown" disable that option if you find it.

Another thing you can do is set a "fixed" page file size in the windows control panel. First, open control panel, open "system" then make a note of the amount of "memory" shown in the computer discription, near the processor type, it will be 512mb or 1GB or 2.0GB etc.. then go to the system "advanced" tab, in the performance section select "settings" find the performance settings "advanced" tab, find the "virtual memory" section then click "change"

Select the drive that you want your virtual memory "page file" located on, then select the radio button that says "custom size" enter the size in megabytes, so that the minimum and maximum size is the same number..

You want it set to about 1.5 times the ammount of system ram that is installed.. If you have betwen 1024 megabytes and 2048 megabytes of system ram 1.0GB-2.0GB, you set the minimum and maximum page file size to 3072.. Make these changes, but do not restart the computer if promted.

We are going to be working with windows services mainly, but there are some steps that you should do, between changing some services, leave the services window open, and leave the previously changed service "highlighted" so you know where you left off between steps, when you come back to the services window..


First suggestion:

Open control pannel, open "sounds and audio devices" then click on the "sounds" tab, then for sound schemes, select "No sounds" click on apply, then OK. ~this will disable the windows startup and shutdown audio clips and should speed up the startup and shutdown a little.

Second suggestion: (Might help with the shutdown hang) ~more involved..

Uninstall your current cd burning software and get ahold of "CDburnerXP"
Uninstalling your current CD burning software might have a side effect of disabling access to your CDrom drive, depending on what application you are using.

There's some other things that you can do in "services" that I'm going to include.

While logged in as administrator: Open control panel, open administrator tools then open "services"

Double click each of the following services (one at a time) when the service properties window pops up, find and click on "stop" then in the "startup type" drop down menu set them to "disabled" then click apply and OK:

Automatic UPDATES ~I suggest manually updating windows "being very selective as to which updates you install" Stop this service, then set to disabled.. You will have to set this service back to "manual" in order to use windows update.

Clipbook ~stop/disabled

Error reporting service ~stop/disabled ~there is another step to setting this properly; so that windows still warns you of critical errors.. Open the control panel, open "system" select the "advanced" tab, then find the "error reporting button" (bottom right-hand area of the "advanced" tab) click on it, then make sure the "dissable error reporting service" radio button is ticked, then make sure the box for "but notify me of critical errors" is checked. click on apply/ok.. If it asks to restart, do NOT restart... We are still working on the other services.

next service to address:

Fast user switching: stop/disabled ~this will help secure your computer somehow.


Indexing service: stop/disabled ~this service is overrated, once you have this service disabled, open control panel, administrative tools, computer managment, then maximize the + sign next to the "services and applications" icon in the left bar, next; find "Indexing service" ~should be shown at the bottom of the "services and applications" section. Right click on "indexing service" Then select "properties"
In the indexing service properties, click on the "generation" tab, ensure that both boxes are unchecked, if you unchecked boxes in the "generation" tab, click on apply, then click on the "tracking" tab. Ensure that those boxes are unchecked, if you unchecked a box there, click on apply, then click on OK..

Maximize the "indexing service + sign" There should be a list of "catalogs" Click on each folder and delete the list of catalogs in the right hand meny via "right click" delete..
You may have to delete subfolders in the right hand menu before you can delete the main folders in the left hand menu. You don't want anything left behind in the "indexing service" submenu.. I'd send you a picture of what it looks like but mine are already deleted, so it's emty.

Carefull not to delete anything other than what is listed in the indexing service submenu.

Once you have all of those folders deleted, open my computer, then right click one of your hard disks like C: D: Anything that isn't a CDROM or card reader/removeable media..

Do one at a time: Select properties, then UNCHECK "allow indexing service to index this disk for fast file searching" then click on apply.. You may get a prompt that says, cannot remove such and such.. Click the box that says "ignore all" when the opperation is complete, click on OK, then do the next hard disk, if you got another one..

Next services:

Java quick starter: stop/disabled ~this service is not needed for java to run, but may increase the time that a java applet takes to load on a webpage..


NetMeeting Remote Desktop Sharing: stop/disabled ~only if you do not use netmeeting, this will help to secure your computer.

Remote Access Auto Connection manager: stop/disabled ~same as above; if you do not use remote access; you want this disabled.. it will help stop people from remotely logging into your computer without your concent.

Remote Desktop Help Session Manager: stop/disabled ~same as above: If you do not use remote desktop; or have technicians remotely "fix" your computer you do not need this service. It will help stop people from remotely logging into your computer without your concent.

Remote Registry: stop/disabled ~same as above.. except this one is used to allow a remote user to make changes to your systems registry!

Routing and Remote Access: stop/disabled ~same as above, security related.

Secondary Logon: stop/disabled ~read the discription for this service.. You don't want it running.

SSDP Discovery Service: stop/disabled ~you can manually install drivers for any device on your home network.. Not using this service can prevent someone from connecting a hostile/malicious device to your network to gain access to your PC.

Task Scheduler: stop/disabled ~do you use task scheduler? this could be stopping your computer from shutting down if something isn't synchronized on time.. iPod, Laptop, other remote hotsync device using task scheduler to synchronize data, like a backup drive.. If you keep backups of your data, and use the task scheduler service to perform the backup, try doing it manually when the computer is IDLE, without the task scheduler service. ~the benifit of not using the task scheduler service is that other applications won't be able to use the scheduler service for "TSR" (terminate stay resident) opperations holding in memory, waiting for a specific time to perform work.. These type of opperations are sometimes used for malicious/spyware/malware purposes.

TCP/IP NetBIOS Helper: stop/disabled ~you probly don't need this if you are not using special networking protocols to access/share remote files, or broadcast media... It's another service that you can disable to help secure your computer while online.

Telephony: stop/disabled ~read the discription for this service, disable it if you do not use it. possibly better security when disabled.

Telnet: stop/disabled ~same as above.

Terminal Services:stop/disabled ~same as above.

Universal Plug and Play Device Host: stop/disabled ~I have not found a use for this service in normal home PC daily use, internet browsing etc.. mostly security related, but can free up some memory for other applications to use....

WebClient: stop/disabled ~if you do not use this service, say, you do not use a windows based application for remote "off-site" file backup/synchronisation, etc.. you don't need it.. especially considering a malicious application could use this service to access/report/phone home, with data from your computer, to remote files..

Windows Time:stop/disabled ~if your backup regime, or network printer/network storage does not require windows time service, you can disable it to free up some local resources=more memory available to other applications..

That is all for the services..

next, open controll panel, select "security center" scroll down and find the three link's at the bottom; then make the following changes:

Select the "windows firewall" link, then select "exceptions" and disable "remote assistance" and "remote desktop" click on apply, ok.. Don't restart if prompted.

back to "security center" open the "automatic updates" link, then check the box that says "turn off automatic updates" click on apply, ok... Don't restart if prompted.

Back to "security center" on the left hand menu, find "change the way security center alerts me" then uncheck all but the firewall alert, click on OK, exit security center. Don't restart if prompted.

Back to "Control panel" find and open "user accounts" then select "change the way users log on or off" then uncheck "use the welcome screen" click apply options.

Finally, close all applications and windows, then attempt to shutdown the computer, if it does hang still, wait atleast 10 minutes.. It may eventually shut down, if it has not shut down after 10 minutes, go ahead and use the power button..

If you still experience the shutdown hang appon restarting, let me know.. I have a couple other suggestions related to specific applications that may be similar to the applications that you are using.

[LJborn]

I am printing out all your suggestions. Tomorrow I will hopefully have a big chunk of time to go through and address as much as I understand.

One question already: When you say 'looking through your cleaner/security/privacy applications', you mean my CCleaner, Malwarebytes, Superantispyware and Antivir??

[cauzomb]

yes, all of them except malware bytes and CCleaner.

Some software from the "GEARS" corp, and some other security/privacy/antimalware software does have the option to clear the pagefile at shutdown.. This is where the computer appears to just "HANG" at shutdown. Other hanging at shutdown screens can be caused by driver issues or software that has custom services/applications still running.. The applications that have this option should also have a popup or status window at the time of shutdown saying "such and such application opperation in progress" "CLEARING PAGEFILE" with a status/progress bar, and another message that says windows will shut down when the opperation is complete etc.. but they dont..

I'll look up the options available for the other two applications that you mention, but if you have other applications with similar function, cleaning up or privacy protection type applications, check them for the clear pagefile at shutdown option.. Disable it if you find it..

You can manually clear the pagefile from time to time by simply turning it off, rebooting and turning it back on.. Then rebooting..

Keeping a fixed pagefile size will also help prevent hard disk fragmentation as the default settings use a "dynamic" pagefile.. Windows will put data on any available space if it decides to resize the pagefile.. Instead of only using the pre-reserved fixed pagefile.

With good practice, you won't need an additional defrag tool other than what is built into windows..

Regarding drive defrag.. You will have to take steps such as disabling pagefile prior to defrag in order for the defrag to be effective on the entire disk.

The section reserved for pagefile won't be optimized if it is active... I'm pretty sure the other defrag programs can't move/defrag protected opperating files in use and windows see's the pagefile as a protected system file. I haven't had any problem while using the regular windows defrag tool after first disabling virtual memory then restarting.

The way I do it is as follows:

Scan the computer for malware with malware bytes, or other free tool, then use crap cleaner to clean up the disk and temp files, then I make a backup of my photo's and important documents, then I disable the pagefile/virtual memory.. Only after I have a viable backup will I run defrag..

I don't use defrag untill things are backed up because it's possible for file corruption and cross linking which could damage important documents, or damage the opperating system.... Defrag is a powerfull tool that can mess up your data real quick if one little thing goes wrong..



Take your time on the services suggestions, look at the discriptions of the services, then decide if you want to disable it or not.. Or ask a second opinion here if you are uncertain..

[LJborn]

Here is what I have done so far, followed by my questions to date:

I went through the cleaner/security/privacy applications, and nothing had a "clear the page file at shutdown" option checked. In fact, according to taskmgr nothing is running at shutdown. The computer just hangs at "windows is shutting down". I've tried letting it run for much longer than 10 minutes. Still have to use power button to shutdown.

I have 3gB of RAM. Right now the page file is set for 756 minimum and 1512 maximum. I did NOT change that, because I was a bit leery of making the numbers so much bigger and wanted to check with you to see what I should do, since I figured you weren't expecting me to have 3gB of RAM. Started with much less, but upgraded with two new sticks about a year ago, which really sped up my computer (at the time).

Fixed the sounds and audio devices so no sounds.

Too chicken to do anything to the CD burner for now.

I had already gone into msconfig and after hiding Microsoft Services, dissabled all the other services

After reading your instructions, Automatic Updates I fixed. Clipbook was already stop/disabled, as was error reporting service. Fast user switching I fixed.

I have a question about indexing services. Both the boxes in the generation tab were already unchecked. I unchecked the tracking tab box, and hit apply. Then under the indexing service + sign, all that was there was System, with 3 things showing on the right: system tools, storage, and services and applications.

Since I don't see any catalogs, I stopped here, for further instructions before proceeding...

Thanks again for your help!