
end task dialog box with no program name

Discussion in 'Virus & Other Malware Removal' started by freecho, Jan 28, 2003.

Thread Status:
Not open for further replies.
  1. freecho

    freecho Thread Starter

    Joined:
    Jan 28, 2003
    Messages:
    97
    I'm having a few problems. I get intermittent freeze-ups running Win ME. Also when I shut down I freeze, forcing me to press the power button. What seems to worry me the most is sometimes when I shut down, I get a dialog box stating a program is not responding and then gives me the option to end task or wait, but there isn't any program name on the title bar. I'm concerned if this is viral behavior. I have not read any other post on this.

    Here is my startuplist that everyone else seems to be fond of, but I haven't a clue what most of these entries are. Much appreciated for any help.

    StartupList report, 1/27/2003, 11:12:54 PM
    StartupList version: 1.51
    Started from : F:\INCOMING\STARTUPLIST.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
    C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\BCMDMMSG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DEVLDR16.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\ICSMGR.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\WEBSHOTZ\WEBSHOTS\WEBSHOTSTRAY.EXE
    E:\ACROBAT\DISTILLR\ACROTRAY.EXE
    F:\INCOMING\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    Webshots.lnk = C:\webshotz\Webshots\WebshotsTray.exe
    Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    Acrobat Assistant.lnk = E:\acrobat\Distillr\AcroTray.exe

    Shell folders Common Startup:
    [C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
    ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    NAV DefAlert = C:\PROGRA~1\NORTON~1\DEFALERT.EXE
    Norton eMail Protect = C:\Program Files\Norton AntiVirus\POPROXY.EXE
    Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM\\NVCpl.dll,NvStartup
    a-winpoet-service = "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
    ICSMGR = ICSMGR.EXE
    EM_EXEC = C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    devldr16.exe = C:\WINDOWS\SYSTEM\devldr16.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
    GoBack Polling Service = C:\Program Files\Adaptec\GoBack\GBPoll.exe
    SAgent2ExePath = C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    SchedulingAgent = mstask.exe
    DkService = C:\Program Files\Executive Software\DiskeeperWorkstation\DkService.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 25/1/2003, 23:44:20)

    [rename]
    nul=C:\WINDOWS\TEMP\~f51e43.tmp
    nul=C:\WINDOWS\TEMP\~f51e43.tmp

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;E:\ULTRAE~1
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    C:\WINDOWS\tmpcpyis.bat

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL (file missing) - {CBB0A6A0-8430-11D4-814D-0050047090B1}
    (no name) - c:\windows\downloaded program files\googletoolbar_en_1.1.66-deleon.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - E:\ACROBAT\ACROBAT\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    PCHealth Scheduler for Data Collection.job
    Symantec NetDetect.job
    Maintenance-Defragment programs.job
    Maintenance-ScanDisk.job
    Maintenance-Disk cleanup.job
    weekly virus scan.job
    daily live update check.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [{11111111-1111-1111-1111-111111111111}]
    CODEBASE = http://canderp1.nocreditcard.net/download/newdial-erp/975/dialer.exe

    [MSNBC News Menu Control 3.01]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\NEWSM301.OCX
    CODEBASE = http://www.msnbc.com/download/nr1228.cab

    [IPIX ActiveX Control]
    InProcServer32 = C:\WINDOWS\OCCACHE\IPIXX.OCX
    CODEBASE = http://www.ipix.com/viewers/ipixx.cab

    [CfgAOL Class 2]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\NSCFGAOL.DLL
    CODEBASE = https://www.netsetter.com/r/ns/config/nscfgaol.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [GigexCtrl ActiveX]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\GIGEXAGENT.DLL
    CODEBASE = http://www.gigex.com/tv/igor/gigexagent.dll

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe

    [MailConfigure Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MAILCFG.DLL
    CODEBASE = http://supportservices.msn.com/us/oeconfig/MailCfg.cab

    [Symantec RuFSI Registry Information Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
    CODEBASE = http://security1.norton.com/us/sa/common/common/bin/cabsa.cab

    [CV3 Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R1024/V31Controls/x86/mil/en/actsetup.cab

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
    CODEBASE = http://security1.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab

    [Download.Complete]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\DOWNLOAD.OCX
    CODEBASE = http://www.measureup.com/test/controls/SelectPlace.CAB

    [AV Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PAV.DLL
    CODEBASE = http://pcpitstop.com/antivirus/PCPAV.CAB

    [QuickTime Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37594.828125

    --------------------------------------------------

    Enumerating Winsock LSP files:

    Protocol #1: csloa2.dll (file MISSING)

    --------------------------------------------------
    End of report, 8,307 bytes
    Report generated in 0.607 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Welcome to TSG, freecho. I don't see any obvious explanation for the shutdown problem there and that will probably have to be investigated using "clean-boot" methods.

    There are some minor issues you can resolve with the program HijackThis available here:

    http://www.lurkhere.com/~nicefiles/

    Under Browser Helper Objects, you have this "orphaned" entry, which is probably not very legit one way or another:

    (no name) - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL (file missing) - {CBB0A6A0-8430-11D4-814D-0050047090B1}

    Under Download Program Files you have several entries which should be removed:

    1 -- [{11111111-1111-1111-1111-111111111111}]
    CODEBASE = http://canderp1.nocreditcard.net/do.../975/dialer.exe

    2 -- [IPIX ActiveX Control]
    InProcServer32 = C:\WINDOWS\OCCACHE\IPIXX.OCX
    CODEBASE = http://www.ipix.com/viewers/ipixx.cab

    3 -- [CfgAOL Class 2]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\NSCFGAOL.DLL
    CODEBASE = https://www.netsetter.com/r/ns/config/nscfgaol.cab

    4 -- [GigexCtrl ActiveX]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\GIGEXAGENT.DLL
    CODEBASE = http://www.gigex.com/tv/igor/gigexagent.dll

    5 -- [Download.Complete]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\DOWNLOAD.OCX
    CODEBASE = http://www.measureup.com/test/controls/SelectPlace.CAB

    >> These can all be removed with HijackThis. The ones I am listing are either spy and dialer related, not necessary or mysterious with no data concerning them. Do not fear removing any of them. Legitimate sites will prompt you to accept a download of their ActiveX objects when required. You should ONLY accept these prompts from trusted sites.

    Note on number 4: If you are satisfied with Gigex's Privacy Statement, then of course it's up to you whether it provides a worthwhile service:

    http://www.gigex.com/company/com_privacy.asp

    ======================

    To troubleshoot the shutdown problem, I would suggest running msconfig and under the startup tab, remove checks for all but ScanRegistry, systray, and *.statemgr and see if the problem persists. If it does then the problem is not likely related to startups. If you can shutdown normally, begin re-checking groups of files, such as those for your antivirus and firewall and see if the problem returns; proceed until you find the culprit.

    This one should really be left permanently unchecked as it is only an update checker for Logitech and you don't need any unnecessary clutter...

    LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    Also here is a good link that is useful in evaluating what you see in a startup list:

    http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM
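
The triage described in the reply above can be scripted for a first pass. This is an added example, not part of the original posts and not StartupList or HijackThis code: it parses an excerpt of the report posted in this thread and flags entries for manual review. The three heuristics and all function names are assumptions chosen to mirror the reply's criteria (orphaned entries, entries with no data about them, dialer-style downloads); a hit is a prompt to look closer, not a verdict.

```python
import re

# Excerpt of the StartupList report posted in this thread (sections trimmed).
REPORT = r"""
Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL (file missing) - {CBB0A6A0-8430-11D4-814D-0050047090B1}
(no name) - E:\ACROBAT\ACROBAT\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
--------------------------------------------------
Enumerating Download Program Files:
[{11111111-1111-1111-1111-111111111111}]
CODEBASE = http://canderp1.nocreditcard.net/download/newdial-erp/975/dialer.exe
[MSNBC News Menu Control 3.01]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\NEWSM301.OCX
CODEBASE = http://www.msnbc.com/download/nr1228.cab
[GigexCtrl ActiveX]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\GIGEXAGENT.DLL
CODEBASE = http://www.gigex.com/tv/igor/gigexagent.dll
--------------------------------------------------
Enumerating Winsock LSP files:
Protocol #1: csloa2.dll (file MISSING)
"""

SEPARATOR = re.compile(r"^[ \t]*-{10,}[ \t]*$", re.M)
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")

def sections(report):
    """Split on dashed rules; return (title, non-blank body lines) pairs."""
    out = []
    for chunk in SEPARATOR.split(report):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if lines:
            out.append((lines[0].rstrip(":"), lines[1:]))
    return out

def download_entries(lines):
    """Parse '[name]' headers followed by 'KEY = value' lines."""
    entries = []
    for ln in lines:
        if ln.startswith("[") and ln.endswith("]"):
            entries.append({"name": ln[1:-1]})
        elif entries and " = " in ln:
            key, value = ln.split(" = ", 1)
            entries[-1][key] = value
    return entries

def triage(report):
    """Return (item, reason) pairs that deserve a manual look."""
    findings = []
    for title, lines in sections(report):
        # Heuristic 1 (assumption): StartupList marked the file as missing.
        findings += [(ln, "orphaned: file missing") for ln in lines
                     if "(file missing)" in ln.lower()]
        if title != "Enumerating Download Program Files":
            continue
        for e in download_entries(lines):
            # Heuristic 2 (assumption): bare GUID name, no InProcServer32.
            if GUID_NAME.match(e["name"]) and "InProcServer32" not in e:
                findings.append((e["name"], "GUID-only, no registered control"))
            # Heuristic 3 (assumption): CODEBASE is a raw binary, not a .cab.
            url = e.get("CODEBASE", "").split("?")[0].lower()
            if url.endswith((".exe", ".dll")):
                findings.append((e["name"], "CODEBASE is a bare binary"))
    return findings
```

Calling `triage(REPORT)` returns the orphaned BHO and LSP lines, the GUID-named dialer entry (twice, once per heuristic) and the Gigex control; the MSNBC control, which is delivered as a `.cab` with a registered file, is not flagged.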
     
  3. freecho

    freecho Thread Starter

    Joined:
    Jan 28, 2003
    Messages:
    97
    Thanks Rollin. That dialer.exe looked suspicious to me. The others look Greek to me. I just dl HijackThis and I'll see if I can figure out how to use it.
     
  4. freecho

    freecho Thread Starter

    Joined:
    Jan 28, 2003
    Messages:
    97
    Wow. What a great program and it's super fast. I got rid of the stuff in question. I'm gonna reboot and see if they're still around. Now I looked at some of the programs that HijackThis listed and some of the programs I've been trying to find ways of stopping from loading (like unchecking them in msconfig). In particular, "devldr16" and "check for microsoft works update". Can I just check it and click the "fix checked"? Can it be that simple?

    I read somewhere on this site how to get rid of "devldr16" but it didn't work for me. I was reading that devldr16 is only needed for DOS sounds and that it is very unstable and worthwhile to get rid of.
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    devldr is damn near impossible to get rid of and will just come back if deleted or unchecked. Some people report renaming the file helps, but still leaves the startup entry, though no error is reported. I would just leave it alone, personally.

    I would not remove anything through HijackThis that you are not sure you want to permanently remove. If unchecking them in msconfig only results in their coming back, then that will happen if they are deleted too.

    If you figure a way to get rid of Works update detection, let me know; I've done everything but rename the files in XP and it keeps coming back. I think others have better luck in other OS systems just disabling it through Works itself: customize > uncheck "notify". Doesn't work for me though.
     
  6. freecho

    freecho Thread Starter

    Joined:
    Jan 28, 2003
    Messages:
    97
    thanks. I'll leave it be. I knew it wouldn't be that easy.
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Was the original problem resolved? I know if it is a very intermittent type of problem it is not easy to isolate except by disabling startup programs for an extended period of testing.

    You can also try doing a ctrl-alt-del before shutting down and systematically "end-task" the processes. Then shut down when only Explorer and systray are left. This might allow you to pinpoint the offender.
     
  8. freecho

    freecho Thread Starter

    Joined:
    Jan 28, 2003
    Messages:
    97
    Maybe over the weekend I'll try unchecking all except a few in msconfig. As for ctrl-alt-del then end task all except systray and explorer, it never shuts down fully. It's like the system is expecting to shut something down. But it's not running so it just hangs. I end task everything when I do my weekly scandisk, defrag and virus check and whenever I do it, I can never fully shut down.
     
  9. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, but as you end task things, you may get a "program not responding" for one of them. If you do, then what you end tasked is "the program"
     
  10. freecho

    freecho Thread Starter

    Joined:
    Jan 28, 2003
    Messages:
    97
    I still get a dialog box sometimes when I shut down telling me that a program is not responding and if I want to end task, wait or shut down, with no indication of what program it is. Normally the name of the program is on the title bar but it's simply blank. I'm afraid it's some kind of virus running that is able to elude detection.
    This may sound very naive but wouldn't any popular virus checker with updated definitions detect any malicious code? I know that new viruses come out daily but I figure if I keep updating the definitions a virus will eventually be detected.
    Also, is there a way of checking if my virus checker is actually able to detect a virus?
     
  11. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    If you are not actively using Internet Connection Sharing, I would suggest you disable that at least temporarily for testing. You show it in your startups as:

    ICSMGR = ICSMGR.EXE

    Also, while I doubt it's a virus, we've seen a few cases where NAV does miss things. You can do an online scan here to double check:

    http://housecall.antivirus.com/
     
  13. freecho

    freecho Thread Starter

    Joined:
    Jan 28, 2003
    Messages:
    97
    I just got rid of ics program and all is fine.

    I tried changing the name of devldr16 to see what happens. My headphones stopped working, which I'd rather have, so thank god I didn't delete it.

    I also checked out eicar.com--> pretty neat. Norton works fine. My friend said he gets copies of the real viruses to check to see if his AV program actually runs. He doesn't actually run them, he just does a scan and sees if they find it. Is this good practice?

    I think I'll skip on stopping all programs from starting except a few only because the problem occurs only occasionally and would hate to run the cpr for long periods w/o certain programs. Maybe in the future I'll try it.

    As for end tasking and seeing which programs hang, there are a few of them.
    -zonealarm hangs
    -devldr16 almost all the time hangs
    -navapw32 (norton) hangs
    -poproxy (also norton's I think)
    -bcmdmmsg (my modem)
    -Winpppoverethernet

    I'm not really worried about the hanging problem, I'm more worried about the end task box that does not give me any clue as to what program it is referring to. My friend tells me it's time to reformat and to get rid of WinME.
    Sorry for running off like this but I'm trying to respond to all the comments.
     
  14. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I would leave this one unchecked as it is simply a vendor piece of "spyware" that has no useful functionality:

    LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    And you can experiment with leaving -bcmdmmsg unchecked. I have this as well in XP and can't see any difference with it checked or unchecked. It's probably for some messaging function that I have no use for.

    This is much the same as backweb, just checks for updates:

    Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    Webshots and Acrobat Assistant you may not find important to keep in startup as well.

    You can review what these are and any others using this link:

    http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM
     
  15. freecho

    freecho Thread Starter

    Joined:
    Jan 28, 2003
    Messages:
    97
    When you say to leave unchecked do you mean to uncheck it using msconfig.exe or something else like HijackThis?
    I used msconfig.exe to disable bcmmsg.. and it still pops up in my task manager. Sometimes when I disable using msconfig it simply adds another entry in msconfig on top of the unchecked version, however the bcmmsg program is currently unchecked but still remains in my task manager.
     
Short URL to this thread: https://techguy.org/115672