XP not shutting down

[turbo24]

Okay so heres the deal. I cannot shut down my computer unless I go into task manager and manually end processes and then if I get lucky, it will shut down but even then it is not certain that it will. I usually have like 26 or 27 processes going and I found that cool "pac-portal" page and verified that I need most of them. I downloaded a program that allowed me to see even the hidden processes and nothing jumps out at me as being the issue. (That is, the stuff listed is stuff I have had for a while and this is a new problem.)
I did have a couple of questions about the processes though.

1 - I show "regedit" as a running process even though I am not actaully running it. Is regedit a program that is always going in the background?? Is there any known process or program that hijacks this?
2 - When I look into event viewer and check the properties of the event, the shutdown problem merely says that the attempt to shut down failed and it gives event ID as 1703. What does that id represent??
3 - I ran "tasklist /svc" at command prompt and got the list of running tasks and what they were for, and there are 5 instances of "svchost" running. I understand thats a generic process and I was wondering if it would ever be a bad thing to run? Like how do I know that the item or service it is hosting for isn't bad?

And to let you guys know, I have ran my virus scanner, my definitions are up to date, and I have run two different scans for spyware/adware (using Adaware and an online one) and I check out (supposedly) to be clean.

What gives??

I can post my processes here later if you want me to but i am at work now so it would not be till later......

[bonzai]

Why don't you run a search starting from C:\ on 'regedit.exe' or 'regedit.com' and see how many entries turn up and where they reside on the hard drive. Then you will know which file might be suspiciious.

[turbo24]

okay I will try that when i get home, but how will I know what is bad?

[bonzai]

The valid 'regedit.exe' is only under C:\Windows

[turbo24]

okay, here si what I find upon searching for regedit.*

regedit.exe in windows folder
regedit.chm in windows help
regedit.hlp in windows help
regedit.exe -1B606482.pf in windows prefetch folder
regedit.exe in windows/system32/dllcache folder

Look right??

[bonzai]

What are you on, XP? I don't have regedit.exe under dllcache folder. That could be the culprit.

[dbzzy]

I had the same problem, turns out that the culprit was Norton Anti-virus. The only way to remedy the situation is to uninstall and reinstall Norton.

[turbo24]

Yes, I run XP pro.
You do not have one in your dll cache? I can't see how Norton could be the culprit because I have always ran that and just recently (like this week) have I had the regedit deal going on.

Here....I read all sorts of comments on Hijack This being a good program so I ran it....Maybe this log will help????

Logfile of HijackThis v1.97.6
Scan saved at 9:00:59 PM, on 11/14/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\WINDOWS\REGEDIT.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\downloads\New new\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab

[andyms18a]

try start run msconfig and untick all startup items then reboot and then shutdown if it works go back to msconfig and tick one thing at a time rebooting and then shuting down till it hangs the last thing you ticked is most likley the culprit