
Mysterious "Program - 0" holding up shut down


askIllustrator

Technical User
Apr 20, 2001
698
DE
Every time I shut down my Win2k box it hangs at one of those "shutting down <app name>" dialogs that shows a progress bar made out of squares and an End Now button. You see it anytime a doc with unsaved data is left open. Only I have no idea what the heck Program - 0 is. I'm pretty sure it's spyware of some sort (my partner's kid has an account on this machine :p). Is anyone familiar with where to look or how to get rid of this one? Thanks ahead of time.

"Great spirits have always encountered violent opposition from mediocre minds." -Einstein
 
Download spybot and adaware, and update the definitions on them. Then run them.
If that still ain't working, download hijack this and run it, post the log here.
 
I've been using adaware, spybot, and spywareblaster for some time. I have to run them about every morning because of this kid's internet activity. I don't see the purpose of user profiles if everyone suffers. I know, I know, I'm getting another machine for here at the office. Here is the log from Hijack This... brace yourself.

Logfile of HijackThis v1.97.7
Scan saved at 10:57:00 AM, on 12/15/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\twain_32\SiPix\SCBlink2\Srvany.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\twain_32\SiPix\SCBlink2\USBPNP.exe
C:\WINNT\system32\GEARSEC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NuCam\CamCheck\CamCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\jzkjkiew.exe
C:\WINNT\system32\iuankk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ksqvwngt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Extensis\Suitcase\Suitcase.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O1 - Hosts: 211.162.108.123
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C7CC930-7E97-697E-0668-BA80FEB7FF6B} - C:\WINNT\system32\cczrjtxq.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8A0E9CC-EBAE-F5B5-08EA-E67D6986BE42} - C:\WINNT\system32\mzypeotw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CamCheck] C:\Program Files\NuCam\CamCheck\CamCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wzbyhgnz] C:\WINNT\jzkjkiew.exe
O4 - HKLM\..\Run: [] C:\WINNT\system32\iuankk.exe
O4 - HKLM\..\Run: [ockjpoze] C:\WINNT\system32\ksqvwngt.exe
O4 - Startup: Shortcut to Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Shortcut to mirc.exe.lnk = C:\Program Files\mIRC\mirc.exe
O4 - Startup: Shortcut to Suitcase.exe.lnk = C:\Program Files\Extensis\Suitcase\Suitcase.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -

"Great spirits have always encountered violent opposition from mediocre minds." -Einstein
 
By running adware well Spybot Search and destroy u should be able to get rid of all those Hosts, to advertisements.

I advise u download Pop Up Cop which will stop all those annoying pop-ups
 
narrowed it down to a process called iuankk.exe. When I disable this process it shuts down fine. I'm afraid to delete it though cause I think it's tied to my address book somehow.

"Great spirits have always encountered violent opposition from mediocre minds." -Einstein
 
well never heard of that before I would try renaming it to .old and c wat happens
 
I know you have run the tools before, but humor me.

Download and run in this order:

cwshredder *
SpyBot 1.2 *
AdAware *

* = Update the definition files within the program as the first step.


Reboot, and then run Trend Micro and Panda from smah's FAQ: faq760-3862

Delete the file c:\winnt\system32\drivers\etc\HOSTS
Reboot.

If you still have the problem, download and run Hijack This! and post the log here.
 
Hi,
jzkjkiew.exe looks very dodgy as do a few more of the processes running.
Do as bcastner advises and run all those apps, however make sure that they are up to date which cannot be highlighted enough.
 
I run updated versions every morning. I've raised this kid's browser security level all the way up and I still have to. I'm about to disable his ActiveX and Java altogether. I've already had to disable network messenger because of him. I renamed iuankk.exe to .bak and all seems well so I'm probably gonna trash it. I thought jzkjkiew looked fishy too kippy so I'm gonna try that one too. This kinda stuff always makes me wanna do a wipe and reinstall so that's more likely what I'll end up doing. Thanks for all your help btw.

"Great spirits have always encountered violent opposition from mediocre minds." -Einstein
 
It is frustrating, but you often need to tell the scanning program to "fix" the errors. Your Hijack posting shows that Hijack This! identified a lot of problems. I will deal with the O1: Hosts entries as a special issue.

At a minimum, have Hijack This! remove these entries:

O4 - HKLM\..\Run: [wzbyhgnz] C:\WINNT\jzkjkiew.exe
O4 - HKLM\..\Run: [] C:\WINNT\system32\iuankk.exe
O4 - HKLM\..\Run: [ockjpoze] C:\WINNT\system32\ksqvwngt.exe

Then boot into Safe Mode by hitting F8 early and often on startup.

Start, Run CMD

del /s /q C:\WINNT\system32\iuankk.exe
del /s /q C:\WINNT\jzkjkiew.exe
del /s /q C:\WINNT\system32\ksqvwngt.exe
del /s /q C:\Winnt\system32\drivers\etc\HOSTS*.*

Reboot into Normal mode, and post a new Hijack listing if you continue to have issues.
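
Added example, not part of the thread: a small Python check that reads a follow-up HijackThis log and reports whether any of the three executables named in the reply above still autostart from a Run key or still appear under "Running processes". The follow-up log is constructed for illustration, and the function names are hypothetical.

```python
import re

# Matches autostart lines such as: O4 - HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\Run\w*): \[(.*?)\] (.+)$")

def parse_log(text):
    """Return (running process paths, [(value name, command)]) from a HijackThis log."""
    running, runs, in_procs = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                running.add(line.lower())
            else:
                in_procs = False      # blank line ends the process list
        else:
            m = RUN_RE.match(line)
            if m:
                runs.append((m.group(2), m.group(3).lower()))
    return running, runs

def check_cleanup(after_log, targets):
    """Map each targeted executable to what the follow-up scan still shows."""
    running, runs = parse_log(after_log)
    report = {}
    for path in targets:
        key = path.lower()
        report[path] = {
            # Run value names (possibly the empty name "[]") that launch it
            "autostart": [name for name, cmd in runs if key in cmd],
            "running": key in running,
        }
    return report

def leftovers(report):
    """Targets that still autostart or still run, i.e. need another pass."""
    return [p for p, r in report.items() if r["autostart"] or r["running"]]

# The three executables the reply above asks to have removed.
TARGETS = [r"C:\WINNT\jzkjkiew.exe", r"C:\WINNT\system32\iuankk.exe",
           r"C:\WINNT\system32\ksqvwngt.exe"]

# Constructed follow-up log (not from the thread): one Run value was missed.
AFTER = r"""Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ksqvwngt.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [ockjpoze] C:\WINNT\system32\ksqvwngt.exe
"""

if __name__ == "__main__":
    for path, state in check_cleanup(AFTER, TARGETS).items():
        print(path, state)
```

An empty result from `leftovers` means none of the three targets is registered under a Run key or running in the new scan; it says nothing about other entries in the log.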



 