Problems shutting down


  • This topic is locked
8 replies to this topic

#1 jtweener

Posted 14 July 2004 - 06:45 PM

When I shut down my computer a message pops up that says "this program is running" and I am given the choice to end task or wait. When I hit end task the computer usually freezes and I have to turn the power off manually.

Also, when I try to defragment I have problems because there is a program running that keeps changing the drive.

The only problem I can find is that when I hit control alt delete two programs are not responding. They are BCGU and Msgsrv32.

Here is my HijackThis log; if anyone can help I would be happy.

Logfile of HijackThis v1.97.7
Scan saved at 7:40:42 PM, on 7/14/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\TEMP\PHJR.EXE
C:\WINDOWS\TEMP\UNCU.EXE
C:\WINDOWS\APPLICATION DATA\BOLN.EXE
C:\WINDOWS\SYSTEM\NDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SOULSEEK\SLSK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://www.gallview.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.../winsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.ithaca.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...tart.cgi?si-001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...7search/?si-001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.../winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.../winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
F1 - win.ini: run=fntldr.exe
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\SYSTEM\MSKHHE.DLL
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - (no file)
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\SYSTEM\MSJFBL.DLL
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\SYSTEM\MSIBKD.DLL
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\SYSTEM\NDRV.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [MSKernel32] C:\WINDOWS\SYSTEM\Win32.hta
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\SYSTEM\soundmx.exe
O4 - HKLM\..\Run: [BCGDU] C:\WINDOWS\TEMP\BCGDU.EXE
O4 - HKLM\..\Run: [PHJR] C:\WINDOWS\TEMP\PHJR.EXE
O4 - HKLM\..\Run: [UNCU] C:\WINDOWS\TEMP\UNCU.EXE
O4 - HKLM\..\Run: [dqxabkp] C:\WINDOWS\dqxabkp.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Rase] C:\WINDOWS\Application Data\boln.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\SYSTEM\NDrv.exe
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Locators.com Search Bar (HKLM)
O9 - Extra 'Tools' menuitem: Locators.com Search Bar (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mid: C:\PROGRAM FILES\PROGRAM\PLUGINS\npaudio.dll
O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn..../autopricer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {F34FB096-1E8C-11D4-817E-0080AD98D408} (Ax93 Control) - http://www2.dlsoft.c...ntrols/ax93.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwir...5.30/Hiwire.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8009.5700462963
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O19 - User stylesheet: (file missing)

#2 Master Green

Posted 14 July 2004 - 09:03 PM

Hi,
I can either type a lot of info to you or you can read a lot of info? Guess what... Go to www.answersthatwork.com > click on task list > then two rows of letters in alphabetical order will appear > click on the letter of the one in question. For example: for one of the items listed in your hijack log, mmtask.tsk > click on "M".
When you do go and check on that particular one, you will see two of them listed, one is mmtask.exe and the other is mmtask.tsk which is the one you are interested in... Hopefully you will discover from this site what's happening on your computer and can clear it up. I highly recommend you follow its suggestions that you will see to the right... Good luck and keep us posted...

#3 jtweener

Posted 17 July 2004 - 09:15 AM

I did what the website said, except for disabling a couple of programs I still use. I was able to defragment and I seem to be able to shut down with no problems.

There were a couple of items that were not on the website; I hope that there are no problems with them.

Thanks for the help.

#4 Master Green

Posted 18 July 2004 - 06:09 AM

Hi,
If a couple of things you saw were not listed in that site www.answersthatwork.com then they possibly are programs that you can find information about by going to www.windowsstartup.com, click on windows startup on line, then search and another row of alphabets will appear. Do the same thing there as you did in the other site. Keep up the good work and keep us posted...

#5 jtweener

Posted 18 July 2004 - 02:11 PM

I tried that website too, but they were not there either. The only problem I am having is that sometimes when I shut down there is still a program running. This does not happen every time, but I can just hit end task and it shuts down fine. The programs I can't find are PHJR.exe, UNCU.exe, BOLN.exe and NDRV.exe. I wonder if I should just not worry about these.

My other question is if disabling a program with the Ultimate Troubleshooter is the same as disabling with MSCONFIG. I didn't want to disable Devldr16.exe, GWHOTKEY.exe, and AHQTB.exe because I still use them. Should I disable them with MSCONFIG and see if that fixes my problem?

#6 Master Green

Posted 18 July 2004 - 09:17 PM

Hi,
I have done some research on PHJR.EXE - UNCU.EXE - BOLN.EXE and NDRV.EXE and nothing explains what those are. So the jury is out on that one.

However, Devldr16.exe and Ahqtb.exe are related to Sound Blaster and there have been many complaints because there have been problems ranging from startups to crashes. It is strongly recommended that they be disabled in msconfig.

As for Hotkey.exe, if everything is up to snuff with Microsoft patches, etc, etc then this one should be okay for now.

As I suggested before, going to that site www.answersthatwork.com is an excellent site and strongly recommended you follow their info and suggestions. If you opt not to, then your problems are endless... Your call... Best of luck...

#7 Master Green

Posted 19 July 2004 - 06:09 AM

Hi,
I forgot to answer your question... Going into msconfig and unchecking something does not to the best of my knowledge get rid of any programs. It just makes sure that when your computer for example starts up (boots up), that the program(s) do not start up as well. In your case I would do just that to two out of the three that is strongly recommended to do so. The program(s) will still remain active in your computer and can be accessed through start, program(s) when you wish to utilize 'em... Keep us posted...

#8 jtweener

Posted 23 July 2004 - 05:32 PM

I unchecked the boxes but DevLDR16 is still there when I press control alt delete when I reboot.

When I shut down there is still a program running, so I think it might be the DevLDR16.

MSGSRV32 says it is not responding a lot when I press cont alt delete. Answersthatwork says to just close it unless it happens a lot. If it happens a lot then you should investigate. How do I investigate?

#9 jtweener

Posted 23 July 2004 - 05:58 PM

I think I found the program that has been running. I shut down and the program was running, so I clicked cancel. Then I shut down BCGDU and then shut down the computer again and there was no problem.

I unchecked it with MSCONFIG and shut down again and it worked correctly. Do you know what this program is and if I did the right thing?

I hope this is it.
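
Added example, not part of any post in this thread: a Python sketch that parses the O4 registry autostart lines of a HijackThis log like the one in post #1 and lists entries that launch from a temp or Application Data directory, noting whether each one also appears in the running-process list. Treating those directories as worth a closer look is a triage assumption made here, not a verdict and not something the thread states; the function and variable names are illustrative.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Excerpt copied from the HijackThis log in post #1 (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\TEMP\PHJR.EXE
C:\WINDOWS\TEMP\UNCU.EXE
C:\WINDOWS\APPLICATION DATA\BOLN.EXE
C:\WINDOWS\SYSTEM\NDRV.EXE

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCGDU] C:\WINDOWS\TEMP\BCGDU.EXE
O4 - HKLM\..\Run: [PHJR] C:\WINDOWS\TEMP\PHJR.EXE
O4 - HKLM\..\Run: [UNCU] C:\WINDOWS\TEMP\UNCU.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKCU\..\Run: [Rase] C:\WINDOWS\Application Data\boln.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\SYSTEM\NDrv.exe
"""

# Registry autostart line: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Executable path = command line up to its first ".xxx" extension, quotes optional
EXE_RE = re.compile(r'^"?(.+?\.\w{3})\b')
# Assumption: directories treated as "look closer" for an autostart entry
REVIEW_DIRS = ("\\temp", "\\application data")


def triage_autostarts(log_text):
    """Return (value_name, path, is_running) for O4 entries in REVIEW_DIRS."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    # Bare drive-letter paths are the "Running processes" section
    running = {basename(ln).lower() for ln in lines if re.match(r"^[A-Za-z]:\\", ln)}
    flagged = []
    for ln in lines:
        m = O4_RE.match(ln)
        exe = EXE_RE.match(m.group(4)) if m else None
        if not exe:
            continue  # not a registry autostart line, or no executable path
        path = exe.group(1)
        if dirname(path).lower().endswith(REVIEW_DIRS):
            flagged.append((m.group(3), path, basename(path).lower() in running))
    return flagged


if __name__ == "__main__":
    for name, path, is_running in triage_autostarts(SAMPLE_LOG):
        print(f"{name:8} {path:40} running={is_running}")
```
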
