1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

shutdown problem on ME

Discussion in 'Earlier Versions of Windows' started by Duane G/L, Jan 4, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Duane G/L

    Duane G/L Thread Starter

    Joined:
    Jan 4, 2003
    Messages:
    4
    when shutting down,my pc closes all programmes except rundll,im pretty new to all this so i dont know what it is.i have to do an improper shut down for my pc to start over again then finally shut down sucessfully
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Duane, welcome to TSG, let's see a post of your current startups and running processes. Get the StartupList.zip file from the site below, unzip and run StartupList.exe

    Then on the text file that opens, click Edit>Select All>Edit>Copy and paste the copied text to a reply here by right clicking on a message window and selecting "paste".

    http://www.lurkhere.com/~nicefiles/
     
  3. Duane G/L

    Duane G/L Thread Starter

    Joined:
    Jan 4, 2003
    Messages:
    4
    StartupList report, 05/01/2003, 01:28:24
    StartupList version: 1.50
    Started from : C:\UNZIPPED\STARTUPLIST15[1]\STARTUPLIST.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBDASH.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\STARTUPLIST15[1]\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    SystemTray = SysTray.Exe
    Password Check = c:\windows\GrabCookie.exe
    CountrySelection = pctptt.exe
    PTSNOOP = ptsnoop.exe
    Adaptec DirectCD = C:\Program Files\DirectCD\DIRECTCD.EXE
    Gearbox = "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
    LoadQM = loadqm.exe
    nwiz = nwiz.exe /install
    zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
    MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    SchedulingAgent = mstask.exe
    SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{89820200-ECBD-11cf-8B85-00AA005B4395}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [>PerUser_MSN_Clean] *
    StubPath = C:\WINDOWS\msnmgsr1.exe

    [PerUser_LinkBar_URLs] *
    StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 31/12/2002, 14:29:56)

    [Rename]
    C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SETC362.TMP
    C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SETC363.TMP
    C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SETC364.TMP

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    @C:\WINDOWS\tmpcpyis.bat

    --------------------------------------------------

    C:\WINDOWS\DOSSTART.BAT listing:

    @echo off
    REM
    REM

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - c:\windows\downloaded program files\googletoolbar_en_1.1.66-deleon.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    PCHealth Scheduler for Data Collection.job
    Maintenance-ScanDisk.job
    Maintenance-Defragment programs.job
    Maintenance-Disk cleanup.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [CSS Web Installer Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CSSWEB.DLL
    CODEBASE = http://www.freedom.net/onlineviruscheck/cabs/cssweb.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
    CODEBASE = http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab

    [sys Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    [HeartbeatCtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\HRTBEAT.OCX
    CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37588.4016666667

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    [{DC187740-46A9-11D5-A815-00B0D0428C0C}]
    CODEBASE = http://www.pcpowerscan.com/download/setup/pcpowerscan.cab

    --------------------------------------------------
    End of report, 9,110 bytes
    Report generated in 0.308 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Assuming now that this is rundll and not rundll32.exe that is causing the shutdown problem, it would appear to be the one associated with your TaskBar Display controls:

    Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

    I believe this was originally enabled through Display Properties > Settings > Advanced, and you should be able to uncheck it there. Right click on the Desktop and select Properties>Settings >Advanced.

    Another way to disable it is to click Start>Run, enter msconfig and click on the Startup tab. It can be unchecked there.

    I would also recommend you run msconfig to uncheck these two items which are troublesome and useless:

    LoadQM = loadqm.exe

    LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    >>>Now the only really strange and unknown startup (to me at least) is this:

    Password Check = c:\windows\GrabCookie.exe

    Do you know what it is, and can you give me a link to the site or software that installed it? If you do a File search for grabcookie.exe and right click and select Properties>Version, does it have copyright and version information?

    If you do not know what it is, I suggest this:

    Click Start>Run, enter regedit and navigate to:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    >> with the RUN folder highlighted on the left, look for that entry in the Right Hand pane and Right click on it and delete it.
     
  5. Duane G/L

    Duane G/L Thread Starter

    Joined:
    Jan 4, 2003
    Messages:
    4
    as i just shut down it was rundll32 that never closed,sometimes its that and sometimes its just rundll...as for the password check,i did a file search on it and it came back as if it was installed on pc when we bought it,there has been a keylogger installed on pc but since been deleted i think!!!!!!!!!, the password check came up as TYPE OF FILE=application DESCRIPTION=grabcookie LOCATION=C:windows SIZE 368KB (376,832 bytes) SIZE ON DISK 384KB(393,216bytes) CREATED 16 oct2000, ATTRIBUTES READ ONLY(which is checked),hidden and archive unchecked.....pc is from "TIME" computers if thats any help,,just remember im still all new to this....
     
  6. Duane G/L

    Duane G/L Thread Starter

    Joined:
    Jan 4, 2003
    Messages:
    4
    oh also the password check didnt seem to have a copyright or version,not that i could see anyway
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, passwork check is ripe for removal or deletion then. I take it there is nothing in Add/Remove programs for it. If there is, remove it from there. If not, remove it running regedit as I suggested.

    Now if you have not yet removed New.net or obtained and run Spybot. download the lsp-fix file from this site for safe keeping. If you have connectivity problems getting back, run it and have it repair the lsp protocols:

    http://www.cexx.org/lspfix.htm

    After you have that file on hand, just proceed with the rest of the directions and then post a new startup list. If you have any questions or there is something that is not clear, just ask, it may take a little longer, but better safe than sorry.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/111430

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice